Message Authentication Code (MAC)

• Use of a secret key to generate a small fixed size block of data called MAC or cryptographic checksum is appended to the message.

• The main difference between message digest and MAC, there is no cryptographic process involved whereas in message authentication code one single key also called as symmetric key is used by the sender and receiver to generate a message authentication code.

• This technique assumes that the two communicating parties say A and B shows a common key ‘k’.

Theory of operation

• When A has a message to send to B, it calculates the MAC as a function of the message and the key

• MAC = C(K,M)

where,

M= input message

C= MAC function

K= shared secret key

MAC = message authentication code

• The message plus MAC are transmitted to the intended recipient.

• The receiver/ recipient performs the same calculation on the received message using the same secret key to generate a new MAC say Mac_2.

• The received MAC i.e MAC_2 is compared to the calculated MAC

• If the received MAC matches the calculated MAC, then

  a. The receiver is assured that the message has not been altered

  b. The receiver is assured that the message is from the actual sender

  c. If the message includes a sequence number, then the receiver can be assured of the proper sequence.

MAC function :

• Similar to encryption, difference is that the MAC algorithm need not be reversible.

• Many to one function.

• The domain of the function consists of messages of some arbitrary length, whereas the range consists of all possible MACs and all possible keys.

  a. If an n bit MAC is used, then there are $2^n$ possible MACs whereas there are M possible messages with $ N \gt\gt 2^n$

  b. With a k bit key, there are $2^k$ possible keys

• MAC does not provide a digital signature because both sender and receiver share the same key.