Message authentication code

From Wikipedia, the free encyclopedia

A cryptographic message authentication code (MAC) is a short piece of information used to authenticate a message. A MAC algorithm accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC (sometimes known as a tag). The MAC value protects both a message's data integrity as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content, and so should be called Message Authentication and Integrity Code: (MAIC).

A message integrity code (MIC) is different from a MAC in that a secret key is not used in its operation. Although the terms are sometimes used interchangeably, a MIC should always be encrypted during transmission if it is to be used as a reliable gauge of message integrity. On the other hand, a MAC, which uses a secret key, does not necessarily need to be encrypted to provide the same level of assurance. A given message will always produce the same MIC assuming the same algorithm is used to generate both. Conversely, the same message can only generate matching MACs if the same secret key is used with the same algorithms to generate both. MICs don't use secret keys and, when taken on their own, are therefore a much less reliable gauge of message integrity.

While MAC functions are similar to cryptographic hash functions, they possess different security requirements. To be considered secure, a MAC function must resist existential forgery under chosen-plaintext attacks. This means that even if an attacker has access to an oracle which possesses the secret key and generates MACs for messages of the attacker's choosing, he can "never" guess the MAC for any message that he has not yet asked the oracle about. (Here "never" means, "not without doing an infeasible amount of computation").

MACs differ from digital signatures, as MAC values are both generated and verified using the same secret key. This implies that the sender and receiver of a message must agree on keys before initiating communications, as is the case with symmetric encryption. For the same reason, MACs do not provide the property of non-repudiation offered by signatures: any user who can verify a MAC is also capable of generating MACs for other messages. In contrast, a digital signature is generated using the private key of a key pair, which is asymmetric encryption. Since this private key is only accessible to its holder, a digital signature proves that a document was signed by none other than that holder. Thus, digital signatures do offer non-repudiation.

MAC algorithms can be constructed from other cryptographic primitives, such as cryptographic hash functions (as in the case of HMAC) or from block cipher algorithms (OMAC, CBC-MAC and PMAC).

[edit] Example

[edit] See also

• Integrity check value
• Data Authentication Algorithm, a DES-based MAC algorithm from ANSI
• UMAC
• HMAC
• CMAC
• Poly1305-AES
• Poly1305-AED

[edit] External links

• RSA FAQ's entry on MACs
• Ron Rivest lecture on MACs

v • d • e   Cryptographic hash functions and Message authentication codes (MACs) Hash algorithms: Gost-Hash | HAS-160 | HAVAL | MDC-2 | MD2 | MD4 | MD5 | N-Hash | RadioGatún | RIPEMD | SHA family | Snefru | Tiger | WHIRLPOOL | crypt(3) DES MAC algorithms: DAA | CBC-MAC | HMAC | OMAC/CMAC | PMAC | UMAC | Poly1305-AES Authenticated encryption modes: CCM | CWC | EAX | GCM | OCB Attacks: Hash collision | Birthday attack | Preimage attack | Rainbow table | Brute force attack Misc: Avalanche effect | Hash collision | Merkle-Damgård construction   Standardization: CRYPTREC | NESSIE v • d • e   Cryptography History of cryptography | Cryptanalysis | Cryptography portal | Topics in cryptography Symmetric-key algorithm | Block cipher | Stream cipher | Public-key cryptography | Cryptographic hash function | Message authentication code | Random numbers | Steganography