Knowledge (XXG)

Message authentication code

document was signed by none other than that holder. Thus, digital signatures do offer non-repudiation. However, non-repudiation can be provided by systems that securely bind key usage information to the MAC key; the same key is in the possession of two people, but one has a copy of the key that can be used for MAC generation while the other has a copy of the key in a
ISO/IEC 9797-1 and -2 define generic models and algorithms that can be used with any block cipher or hash function, and a variety of different parameters. These models and parameters allow more specific algorithms to be defined by nominating the parameters. For example, the FIPS PUB 113 algorithm is
In this example, the sender of a message runs it through a MAC algorithm to produce a MAC data tag. The message and the MAC tag are then sent to the receiver. The receiver in turn runs the message portion of the transmission through the same MAC algorithm using the same key, producing a second MAC
key: any user who can verify a MAC is also capable of generating MACs for other messages. In contrast, a digital signature is generated using the private key of a key pair, which is public-key cryptography. Since this private key is only accessible to its holder, a digital signature proves that a
Message authentication codes and data origin authentication have also been discussed in the framework of quantum cryptography. In contrast to other cryptographic tasks, such as key distribution, for a rather broad class of quantum MACs it has been shown that quantum resources do not offer any
-checking a message. In other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed (its integrity). The MAC value allows verifiers (who also possess a secret key) to detect any changes to the message content.
The strongest adversary is assumed to have access to the signing algorithm without knowing the key. However, her final forged message must be different from any message she chose to query the signing algorithm before. See Pass's discussions before def
data tag. The receiver then compares the first MAC tag received in the transmission to the second generated MAC tag. If they are identical, the receiver can safely assume that the message was not altered or tampered with during transmission (
which possesses the secret key and generates MACs for messages of the attacker's choosing, the attacker cannot guess the MAC for other messages (which were not used to query the oracle) without performing infeasible amounts of computation.
It should be computationally infeasible to compute a valid tag of the given message without knowledge of the key, even if for the worst case, we assume the adversary knows the tag of any message but the one in question.
as MAC values are both generated and verified using the same secret key. This implies that the sender and receiver of a message must agree on the same key before initiating communications, as is the case with
Additionally, the MAC algorithm can deliberately combine two or more cryptographic primitives, so as to maintain protection even if one of them is later found to be vulnerable. For instance, in
Otherwise an attacker could – without even understanding its content – record this message and play it back at a later time, producing the same result as the original sender.
hash functions provide a secure message authentication code as long as the key is used at most once. This can be seen as the
A verifying algorithm efficiently verifies the authenticity of the message given the same key and the tag. That is, return
functionally equivalent to ISO/IEC 9797-1 MAC algorithm 1 with padding method 1 and a block cipher algorithm of DES.
, the message itself must contain data that assures that this same message can only be sent once (e.g. time stamp,
, which aims only to uniquely but opaquely identify a single message. RFC 4949 recommends avoiding the term
, they possess different security requirements. To be considered secure, a MAC function must resist
functions provide a secure message authentication code as long as the key is used less than
are also by definition MACs; they can be even faster than universal-hashing based MACs.
The simplest such pairwise independent hash function is defined by the random key,
that only permits MAC verification. This is commonly done in the finance industry.
Theoretically, an efficient algorithm runs within probabilistic polynomial time.
A key generation algorithm selects a key from the key space uniformly at random.
is split in halves that are each processed with a different hashing primitive (
when the message and tag are not tampered with or forged, and otherwise return
Informally, a message authentication code system consists of three algorithms:
, especially in communications to distinguish it from the use of the latter as
A secure message authentication code must resist attempts by an adversary to
MAC algorithms can be constructed from other cryptographic primitives, like
A signing algorithm efficiently returns a tag given the key and the message.
Clearly we require that any adversary cannot directly query the string
, since otherwise a valid tag can be easily obtained by that adversary.
Various standards exist that define MAC algorithms. These include:
1618: 1507: 1462: 1410: 1367: 1362: 1356: 718: 582:
SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash
Information used for message authentication and integrity checking
offered by signatures specifically in the case of a network-wide
advantage over unconditionally secure one-time classical MACs.
1502: 1497: 1350: 631: 630: 852:"VMAC: Message Authentication Code using Universal Hashing" 371:. For the same reason, MACs do not provide the property of 1167:, Wiley Publishing, Inc., 1 November 2011, pp. 1–26, 1220:(1. publ. ed.), Cambridge : Cambridge Univ. Press, 617:
Lightweight cryptography - Message authentication codes
This means that even if an attacker has access to an
However, to allow the receiver to be able to detect
However many of the fastest MAC algorithms, like
, withdrawn in 2002, defines an algorithm based on
forge tags, for arbitrary, select, or all messages
The Keyed-Hash Message Authentication Code (HMAC)
However, some authors use MIC to refer to a
) system is a triple of efficient algorithms (
Intrinsically keyed hash algorithms such as
, is a short piece of information used for
Mechanisms using a universal hash-function
Mechanisms using a dedicated hash-function
) is frequently substituted for the term
(hash-based message authentication code)
, 1) denotes the set of the queries on
-ways independent hashing functions.
While MAC functions are similar to
if for every efficient adversary
, and the MAC tag for a message
, including under conditions of
Mechanisms using a block cipher
(TLS) versions before 1.2, the
(key-generator) gives the key
Computer Data Authentication
together to output the MAC.


Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.