Message authentication code

From Wikipedia, the free encyclopedia

A cryptographic message authentication code (MAC) is a short piece of information used to authenticate a message.
A MAC algorithm, sometimes called a keyed (cryptographic) hash function, accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC (sometimes known as a tag). The MAC value protects both a message's data integrity as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content, and so should be called Message Authentication and Integrity Code: (MAIC).

A message integrity code (MIC) is frequently used as a substitute term for the MAC, especially in communications, where MAC acronym is traditionally used for Media Access Control. However, some authors ^[1] use MIC as a distinctly different term from a MAC in that a secret key is not used in MIC operation, so a MIC should always be encrypted during transmission if it is to be used as a reliable gauge of message integrity. A given message will always produce the same MIC assuming the same algorithm is used to generate both. Conversely, the same message can only generate matching MACs if the same secret key and initialization vector are used with the same algorithms to generate both. MICs do not use secret keys and, when taken on their own, are therefore a much less reliable gauge of message integrity. A MAC that uses a secret key does not necessarily need to be encrypted to provide the same level of assurance.

While MAC functions are similar to cryptographic hash functions, they possess different security requirements. To be considered secure, a MAC function must resist existential forgery under chosen-plaintext attacks. This means that even if an attacker has access to an oracle which possesses the secret key and generates MACs for messages of the attacker's choosing, he can "never" guess the MAC for any message that he has not yet asked the oracle about. (Here "never" means, "not without doing an infeasible amount of computation"). Hash functions can be used to create MAC functions; see for example HMAC.

MACs differ from digital signatures, as MAC values are both generated and verified using the same secret key. This implies that the sender and receiver of a message must agree on keys before initiating communications, as is the case with symmetric encryption. For the same reason, MACs do not provide the property of non-repudiation offered by signatures: any user who can verify a MAC is also capable of generating MACs for other messages. In contrast, a digital signature is generated using the private key of a key pair, which is asymmetric encryption. Since this private key is only accessible to its holder, a digital signature proves that a document was signed by none other than that holder. Thus, digital signatures do offer non-repudiation.

MAC algorithms can be constructed from other cryptographic primitives, such as cryptographic hash functions (as in the case of HMAC) or from block cipher algorithms (OMAC, CBC-MAC and PMAC). However many of the fastest MAC algorithms are constructed based on universal hashing.