MAC Based On The Hash Function

HMAC
MAC based on the hash function.
• Increased interest in developing a MAC derived from a

cryptographic hash function. The motivations for this interest
are
– Cryptographic hash functions such as MD5 and SHA generally
execute faster in software than symmetric block ciphers such as DES.
– Library code for cryptographic hash functions is widely available.
• A hash function such as SHA was not designed for use as a

MAC and cannot be used directly for that purpose, because it
does not rely on a secret key.
• There have been a number of proposals for the incorporation

of a secret key into an existing hash algorithm.
HMAC Design Objectives
• To use, without modifications, available hash functions. In
particular, to use hash functions that perform well in software and
for which code is freely and widely available.
• To allow for easy replace ability of the embedded hash function in

case faster or more secure hash functions are found or required.
• To preserve the original performance of the hash function without

incurring a significant degradation.
• To use and handle keys in a simple way.
• To have a well understood cryptographic analysis of the strength

of the authentication mechanism based on reasonable assumptions
about the embedded hash function.
HMAC Structure
• H = embedded hash function (e.g., MD5, SHA-1, RIPEMD-160)
• IV = initial value input to hash function
• M = message input to HMAC (including the padding)
• Yi = i th block of M, 0 <=i <= (L – 1)
• L = number of blocks in M
• b = number of bits in a block
• n = length of hash code produced by embedded hash function
• K =secret key; recommended length is n; if key length is greater than b, the key is
input to the hash function to produce an n-bit key
• K+ = K padded with zeros on the left so that the result is b bits in length
• ipad = 00110110 (36 in hexadecimal) repeated b/8 times
• opad =01011100 (5C in hexadecimal) repeated b/8 times

The Algorithm can be expressed as follows:
• HMAC(K, M) = H[(K+ XOR opad) || H[(K+ XOR ipad) || M]]
• Steps:
– Append zeros to the left end of k to create a b-bit string k+
– XOR (bitwise exclusive-OR) with ipad to produce the b-bit block
Si.
– Append M to Si.
– Apply H to the stream generated in step 3.
– XOR K+with opad to produce the b-bit block S0.
– Append the hash result from step 4 to S0 .
– Apply H to the stream generated in step 6 and output the result.
Efficient Implementation of HMAC
Security of HMAC
• The security of a MAC function is generally
expressed in terms of the probability of
successful forgery with a given amount of
time spent by the forger and a given number
of message–tag pairs created with the same
key.
– The attacker is able to compute an output of the
compression function even with an IV that is
random, secret, and unknown to the attacker.
– The attacker finds collisions in the hash function
even when the IV is random and secret.
MACS BASED ON BLOCK CIPHERS: DAA AND CMAC
• Two MACs that are based on the use of a

block cipher mode of operation.
– We begin with an older algorithm, the Data
Authentication Algorithm (DAA), which is
now obsolete.
– Then we examine CMAC, which is designed
to overcome the deficiencies of DAA.
Data Authentication Algorithm
• The Data Authentication Algorithm (DAA), based on DES, has been one of
the most widely used MACs for a number of years.
• After security weaknesses in this algorithm have been discovered, and it is
being replaced by newer and stronger algorithms.
• The algorithm can be defined as using the cipher block chaining (CBC) mode
of operation of DES with an initialization vector of zero.
• The data (e.g., message) to be authenticated are grouped into contiguous 64-
bit blocks:
• If necessary, the final block is padded on the right with zeroes to form a full
64-bit block.
• Using the DES encryption algorithm E and a secret key , a data authentication
code (DAC) is calculated as follows.
O1 = E(K, D)
O2 = E(K, [D2 XOR O1])
O3 = E(K, [D3 XOR O2])
...........................
ON = E(K, [DN XOR ON-1])
Data Authentication Algorithm
Cipher-Based Message Authentication Code
(CMAC)
• First, let us define the operation of CMAC when
the message is an integer multiple of n of the
cipher block length b.
• For AES, b=128, and for triple DES, b=64. The

message is divided into n blocks (M1,M2,.....Mn ).
• The algorithm makes use of a k-bit encryption

key K and an n-bit constant, k1.
• For AES, the key size is 128, 192, or 256 bits; for
triple DES, the key size is 112 or 168 bits.
CMAC Structure
CMAC Structure
• Two keys are computed as

MAC Based On The Hash Function

Uploaded by

Copyright:

Available Formats

MAC Based On The Hash Function

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MAC Based On The Hash Function

Uploaded by

Copyright:

Available Formats

HMAC

MAC based on the hash function.

• Increased interest in developing a MAC derived from a

• A hash function such as SHA was not designed for use as a

• There have been a number of proposals for the incorporation

• To allow for easy replace ability of the embedded hash function in

• To preserve the original performance of the hash function without

• To use and handle keys in a simple way.

• To have a well understood cryptographic analysis of the strength

• IV = initial value input to hash function

• M = message input to HMAC (including the padding)

• Yi = i th block of M, 0 <=i <= (L – 1)

• b = number of bits in a block

• n = length of hash code produced by embedded hash function

• ipad = 00110110 (36 in hexadecimal) repeated b/8 times

• opad =01011100 (5C in hexadecimal) repeated b/8 times

• Two MACs that are based on the use of a

• For AES, b=128, and for triple DES, b=64. The

• The algorithm makes use of a k-bit encryption

• Two keys are computed as

You might also like