What are the requirements of Message Authentication Codes (MAC)?

MAC stands for Message Authentication Code. It is a security code or tag that is further to the message sent by the sender to the receiver for supporting message authentication and integrity (no modification in message).

MAC is similar to Message Digest (MD) except that it needs the symmetric key cryptography procedure to authenticate a message i.e., the similar key is shared among sender and receiver. The keyed hash function is second termed for the message authentication code. MAC is also defined as Cryptographic Checksum.

A message authentication code (MAC) algorithm creates a message to be authenticated & a secret key that is popular only to the sender of the message and the receiver of the message & creates a MAC as an output. By using MAC, a receiver can test the integrity of the message & authenticity of the message i.e., whether it is appearing from the proper sender or not. MAC does not supports Non-Repudiation.

Three algorithms generally includes a MAC such as key generation algorithm, a signing algorithm and a verifying algorithm. The key generation algorithm selects a key at random.

The signing algorithm transmit a tag when likely the key and the message. The verifying algorithm can be used to check the authenticity of the message when given the key and tag. It will restore a message of accepted if the message and tag are authentic and same, but otherwise, it will restore a message of rejected.

There are some requirements for MACs are as follows −

  • Message authentication codes (MACs) are generally used in digital funds transfers (EFTs) to support information integrity. They can validate that a message is authentic; that it actually does come, in other words, from the stated sender, and hasn’t sustained some changes en-route.

  • A verifier who also maintain the key can use it to recognize changes to the element of the message in question.

  • Message authentication codes are generally needed to access any type of financial account. Banks, brokerage firms, trust organization, and some other deposit, investment, or insurance organization that provide online access can use these codes. They are an important component of financial cryptography.

  • If an opponent observes M and C (K, M) and it must be computationally impossible for the opponent to make a message M' such that C (K, M') = C (K, M).

  • C (K, M) should be consistently distributed in the sense that for randomly selected message, M and M', the probability that C (K, M) = C (K, M') is 2n, where n is the number of bits in the MAC.

  • Let M' be same to some known transformation on M that is M'=f (M). For instance, f can include inverting one or more definite bits. In that case, PR[C(K, M) = C(K, M')] = 2-n.