2. Message authentication codes

 

This chapter covers:

  • Message authentication codes (MACs), a cryptographic primitive to protect the integrity of data.
  • The security properties and the pitfalls of MACs.
  • The widely adopted standards for MACs.

Chapter 3 from Real-World Cryptography by David Wong

In chapter 2, you learned about an interesting construction, the hash function, that on its own doesn’t provide much but, when used in combination with a secure channel, allows you to verify the authenticity and integrity of some data. In this chapter, you will see how you can provide integrity and authenticity over messages without the use of a secure channel at all.

For this chapter you’ll need to have read:

  • Chapter 2 on hash functions.

3.1 Stateless cookies, a motivating example for message authentication codes

Let’s picture the following scenario: you are a webpage. You’re bright, full of colors, and above all you’re proud of serving a community of loyal users. To interact with you, visitors must first log in by sending you their credentials, which you must then validate. If the credentials match those that were used when the user first signed up, then you have successfully authenticated the user.

3.2 An example in code

3.3 Security properties of a message authentication code

3.3.1 Forgery of authentication tag

3.3.2 Lengths of authentication tag

3.3.3 Replay attacks

3.3.4 Verifying authentication tags in constant time

3.4 MAC in the real world

3.5 Message authentication codes in practice

3.5.1 HMAC, a hash-based message authentication code

3.5.2 KMAC, a hash based on cSHAKE

3.6 SHA-2 and length-extension attacks

3.7 Summary