Cryptography Reference
In-Depth Information
Chapter 11
Message Authentication Codes
In this chapter, we elaborate on MACs and systems to compute and verify MACs.
More specifically, we introduce the topic in Section 11.1, overview, discuss, and put
into perspective computationally secure and information-theoretically secure MACs
in Sections 11.2 and 11.3, and conclude with some final remarks in Section 11.4.
11.1
INTRODUCTION
There are basically two technologies that can be used to authenticate messages:
•
Public key cryptography and digital signatures;
•
Secret key cryptography and MACs.
Digital signatures are further addressed in Chapter 15. In this chapter, we focus
only on MACs. As introduced in Section 2.2.2, a MAC is an authentication tag
that is computed and verified with a secret key. This means that the sender and the
recipient(s) must share a secret key and that this key must be used to compute and
verify a MAC for a message. Consequently, a MAC depends on both the message
it authenticates and the secret key that only the legitimate sender and the legitimate
recipient(s) are assumed to know.
Note that there is a fundamental difference between message authentication
using MACs and message authentication using digital signatures. If one uses MACs,
then the same secret key that is used to compute the MAC must also be used to verify
it. This is different with digital signatures. If one uses digital signatures, then the
key to generate a digital signature and the key to verify it are different (the former
represents the private key and the latter represents the public key). There are two
implications we want to emphasize at this point:
