You have HMAC, KMAC, and ASCON.
You want lightweight? Go with ASCON.
HMAC is two keyed MACs, KMAC is one. HMAC can be lighter in memory with
KMAC faster.
I generally run away from AES-CMAC. It has edge cases where there be
dragons. Thus it has been years since I have don't anything with CMAC.
On 10/31/25 12:55 PM, Sipos, Brian J. wrote:
WG,
In doing some background research for a minimalist COSE profile I ran
into the case that the existing registered AES-MAC algorithm family is
not on the US NIST FIPS 140 approved list [1] but the AES-CMAC family
is approved. I saw some COSE discussion on this going back to 2015 [2]
and 2018 [3] with the conclusion there that AES-CBC-MAC was more
widely supported in constrained environments. Since that time, it
appears that CMAC has been more solidified as the preferred
cipher-based MAC technique.
Is there any COSE WG appetite for registering a FIPS-approved AES-CMAC
algorithm family? This would be a relatively small addition, probably
two code points, and because this is not a technical or security
limitation of the existing AES-MAC registrations I think they would be
left in-place and not deprecated.
I can bring this up at next week’s IETF if there is any interest.
Thanks for any feedback,
Brian S.
[1]
https://csrc.nist.gov/projects/cryptographic-module-validation-program/sp-800-140-series-supplemental-information/sp800-140c
[2]
https://mailarchive.ietf.org/arch/msg/cose/GwP_6EgbzTkzXGh36WhX0nomhT8/
[3]
https://mailarchive.ietf.org/arch/msg/cose/yiLtOdsw6RXC-iHdNHJKGWgfUEs/
_______________________________________________
COSE mailing list [email protected]
To unsubscribe send an email [email protected]
_______________________________________________
COSE mailing list -- [email protected]
To unsubscribe send an email to [email protected]
