Message authentication code
==Implementation==
MAC algorithms can be constructed from other cryptographic primitives, like [[cryptographic hash function]]s (as in the case of [[HMAC]]) or from [[block cipher]] algorithms ([[OMAC (cryptography)|OMAC]], [[CCM mode|CCM]], [[Galois/Counter mode|GCM]], and [[PMAC (cryptography)|PMAC]]). However, many of the fastest MAC algorithms, like [[UMAC (cryptography)|UMAC]]-[[VMAC]] and [[Poly1305-AES]], are constructed based on [[universal hashing]].<ref>{{cite journal |url=http://www.fastcrypto.org/vmac/draft-krovetz-vmac-01.txt|title=VMAC: Message Authentication Code using Universal Hashing |access-date=16 March 2010 |journal=CFRG Working Group }}</ref>

Intrinsically keyed hash algorithms such as [[SipHash]] are also by definition MACs; they can be even faster than universal-hashing based MACs.<ref name="SipHash">{{cite web |url=https://131002.net/siphash/siphash.pdf |title=SipHash: a fast short-input PRF |author1=Jean-Philippe Aumasson |author2=Daniel J. Bernstein |author-link2=Daniel J. Bernstein |name-list-style=amp |date=2012-09-18 }}</ref>

Additionally, the MAC algorithm can deliberately combine two or more cryptographic primitives, so as to maintain protection even if one of them is later found to be vulnerable. For instance, in [[Transport Layer Security]] (TLS) versions before 1.2, the [[input data]] is split in halves that are each processed with a different hashing primitive ([[SHA-1]] and [[SHA-2]]) then [[exclusive or|XORed]] together to output the MAC.

===One-time MAC===
[[Universal hashing]] and in particular [[pairwise independent]] hash functions provide a secure message authentication code as long as the key is used at most once. This can be seen as the [[one-time pad]] for authentication.<ref name=":0">{{cite book |author-link=Gustavus Simmons |first=Gustavus |last=Simmons |chapter=Authentication theory/coding theory |title=Advances in Cryptology – Proceedings of CRYPTO 84 |pages=411–431 |year=1985 |location=Berlin |publisher=Springer |isbn= }}</ref>

The simplest such pairwise independent hash function is defined by the random key, {{nowrap|''key'' {{=}} (''a'', ''b'')}}, and the MAC tag for a message ''m'' is computed as {{nowrap|''tag'' {{=}} (''am'' + ''b'') mod ''p''}}, where ''p'' is prime.

More generally, [[k-independent hashing|''k''-independent hashing]] functions provide a secure message authentication code as long as the key is used fewer than ''k'' times for ''k''-ways independent hashing functions.

Message authentication codes and data origin authentication have also been discussed in the framework of quantum cryptography. In contrast to other cryptographic tasks, such as key distribution, for a rather broad class of quantum MACs it has been shown that quantum resources do not offer any advantage over unconditionally secure one-time classical MACs.<ref>{{Cite journal|last1=Nikolopoulos|first1=Georgios M.|last2=Fischlin|first2=Marc|date=2020|title=Information-Theoretically Secure Data Origin Authentication with Quantum and Classical Resources|journal=Cryptography|language=en|volume=4|issue=4|pages=31|doi=10.3390/cryptography4040031|arxiv=2011.06849|s2cid=226956062|doi-access=free}}</ref>
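
The one-time MAC ''tag'' = (''am'' + ''b'') mod ''p'' from the section above, as an added example that is not part of the original article: it computes and verifies a tag, then shows that two tags issued under the same key determine (''a'', ''b'') completely, which is why the key may be used at most once. The choice ''p'' = 2<sup>127</sup> − 1, the function names and the byte-to-integer encoding are assumptions made for this illustration.

```python
import hmac
import secrets

P = 2**127 - 1  # assumption: a Mersenne prime; the article only requires p prime

def keygen():
    """Draw a fresh one-time key (a, b) uniformly at random from [0, p)."""
    return secrets.randbelow(P), secrets.randbelow(P)

def encode(msg: bytes) -> int:
    """Map a short message to an integer below p (assumed encoding, max 14 bytes).
    The 0x01 prefix keeps messages with leading zero bytes distinct."""
    if len(msg) > 14:
        raise ValueError("message too long for a single field element")
    return int.from_bytes(b"\x01" + msg, "big")

def tag(key, m: int) -> int:
    """tag = (a*m + b) mod p."""
    if not 0 <= m < P:
        raise ValueError("message must be an integer in [0, p)")
    a, b = key
    return (a * m + b) % P

def verify(key, m: int, t: int) -> bool:
    """Recompute the tag and compare in constant time; reject out-of-range tags."""
    if not 0 <= t < P:
        return False
    return hmac.compare_digest(tag(key, m).to_bytes(16, "big"), t.to_bytes(16, "big"))

def recover_key(m1, t1, m2, t2):
    """Two tags under one key give two linear equations in (a, b); solve them.
    This is why the key must authenticate at most one message."""
    if (m1 - m2) % P == 0:
        raise ValueError("messages must differ")
    a = (t1 - t2) * pow((m1 - m2) % P, -1, P) % P
    b = (t1 - a * m1) % P
    return a, b

if __name__ == "__main__":
    key = keygen()
    m1, m2 = encode(b"pay 10"), encode(b"pay 9999")  # constructed sample messages
    t1 = tag(key, m1)
    print("valid tag accepted:", verify(key, m1, t1))
    print("same tag on other message accepted:", verify(key, m2, t1))
    print("key recovered after reuse:", recover_key(m1, t1, m2, tag(key, m2)) == key)
```

With a single (message, tag) pair every candidate ''a'' remains equally likely, so a forged tag on a different message is accepted with probability 1/''p''; the second pair removes that uncertainty entirely.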