How Does a Message Authentication Code Work?

A message authentication code is a block of a few bytes that can be used to authenticate a message. The receiver can test this block and be definite that the message hasn't been changed by the third party.

A family of cryptographic functions that is parameterized by a symmetric key. Each functions can facilitate on input data (known as “message”) of variable length to create an output value of a definite length. The output value is known as the MAC of the input message.

An approved MAC algorithm is normal to satisfy the following property (for each of its provided security levels): It should be computationally impossible to decide the MAC of a message without learning of the key, even if one has already view the results of using that key to calculate the MAC's of other messages. A MAC algorithm can be used to support data-origin authentication and data-integrity security.

A MAC is a cryptographic primitive and its definition includes three algorithms known as the key-generation, the tagging, and the verification algorithm.

The key-generation algorithm creates a key of some ‘quality’ (length) that is defined by its input, the security parameter.

The tagging algorithm has two inputs such as key and a message, and one output is a tag.

The verification algorithm has three inputs such as a key, a message, and a tag. It outputs a bit defining the validity of the tag for the given message, and the key.

A MAC is a symmetric primitive, therefore the two parties that wants to exchange messages use the similar (symmetric) key. A digital signature is an asymmetric primitive and the two parties have different (but mathematically associated) keys.

This translates into a simple narrative whoever can check a MAC can also calculate it using the same secret key.

In the other terms, only the entity in possession of the private signing key can produce signatures, while anybody can check these signatures using a publicly called as verification key. Even though it appears that digital signatures are a more dynamic primitive, their computation is much easy than the calculation of a MAC, thus MACs are still used whenever applicable.

MAC plays an essential role in data communication. Message which are shared over an insecure channel required to be authenticated to avoid attack including message forgery by an intruder who can temper with the channel. It can supports message authenticity, supposing that the transmitter and the receiver sent a secret key, a MAC can be used.

In a MAC system, the transmitter produces a tag which is a function of the message and the secret key, and join it to the message before sending it over the channel.