U.S. flag   An unofficial archive of your favorite United States government website

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Projects

Message Authentication Codes MAC

Project Overview

The message authentication code (MAC) is generated from an associated message as a method for assuring the integrity of the message and the authenticity of the source of the message.  A secret key to the generation algorithm must be established between the originator of the message and its intended receiver(s).

Approved Algorithms

Currently, there are three (3) approved* general purpose MAC algorithms:  HMAC, KMAC and CMAC.

Keyed-Hash Message Authentication Code (HMAC)

FIPS 198-1, The Keyed-Hash Message Authentication Code (HMAC) (July 2008), specifies a mechanism for message authentication using an approved hash function.  The approved hash functions are specified in FIPS 180-4, Secure Hash Standard  and FIPS 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions.  Specific guidelines in connection with HMAC's security properties are provided in NIST SP 107 Revision 1, Recommendation for Applications Using Approved Hash Algorithms.

KECCAK Message Authentication Code (KMAC)

KMAC is specified in SP 800-185, SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash and ParallelHash (December 2016). KMAC is a keyed hash function based on KECCAK, which is specified in FIPS 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. There are two variants of KECCAK, KMAC128 and KMAC256.

The CMAC Mode for Authentication

CMAC is specified in SP 800-38B, Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication (May 2005). The CMAC mode is constructed from an approved block cipher (e.g., AES, as specified in FIPS 197, The Advanced Encryption Standard). 

Notes

The CCM and GCM algorithms for authenticated encryption - each constructed from an approved block cipher - can be specialized to MAC algorithms if there is no data to be encrypted.  In the case of GCM, this specialization has a separate name, GMAC.
 
An earlier FIPS--FIPS 113, Computer Data Authentication--specified a Message Authentication Code; it was withdrawn in September 2008.
 

Testing HMAC, CMAC and GMAC Implementations

Testing requirements and validation lists are available from the Cryptographic Algorithm Validation Program (CAVP).

Implementation-related References

 

*Note: An algorithm or technique that is either specified in a FIPS or NIST Recommendation.

Contacts

Quynh Dang
quynh.dang@nist.gov

Topics

Security and Privacy: message authentication

Created January 04, 2017, Updated June 22, 2020