Cryptography Reference
In-Depth Information
"
"
#
Figure 2.5
A message and a tag computed from it.
This is, however, neither always necessary nor always desired, and sometimes one
wishes to use more lightweight mechanisms based on secret key cryptography. This
is where the notion of a MAC as suggested in Definition 2.7 comes into play.
4
Definition 2.7 (Message authentication code)
A
MAC
is an authentication tag
that can be computed and verified with a secret parameter (e.g., a secret crypto-
graphic key).
In the case of a message that is sent from one sender to a single recipient, the
secret parameter must be shared between the two entities. If, however, a message
is sent to multiple recipients, then the secret parameter must be shared between the
sender and all receiving entities. In this case, the distribution and management of
the secret parameter is a major issue (and probably the Achilles' heel of the entire
encryption system).
Similar to a symmetric encryption system, one can introduce and formally
define a system to compute and verify MACs. In this topic, we use the term
message
authentication system
to refer to such a system (contrary to most other terms used
in this topic, this term is not widely used in the literature). As captured in Definition
2.8, a message authentication system consists of a set of possible messages (i.e.,
the message space), a set of possible authentication tags (i.e., the tag space), a set
of possible keys (i.e., the key space), as well as two families of related message
authentication and verification functions.
Definition 2.8 (Message authentication system)
A
message authentication system
consists of the following five components:
•
A
message space
M
;
4
In some literature, the term
message integrity code
(MIC) is used synonymously and interchange-
ably with MAC. However, this term is not used in this topic.
