Paper 2001/097

An Efficient MAC for Short Messages

Sarvar Patel

Abstract

HMAC is the internet standard for message authentication. What distinguishes HMAC from other MAC algorithms is that it provides proofs of security assuming that the underlying cryptographic hash (e.g. SHA-1) has some reasonable properties. HMAC is efficient for long messages, however, for short messages the nested construction results in a significant inefficiency. For example to MAC a message shorter than a block, HMAC requires at least two calls to the compression function rather than one. This inefficiency may be particularly high for some applications, like message authentication of signaling messages, where the individual messages may all fit within one or two blocks. Also for TCP/IP traffic it is well known that large number of packets (e.g. acknowledgment) have sizes around 40 bytes which fit within a block of most cryptographic hashes. We propose an enhancement that allows both short and long messages to be message authenticated more efficiently than HMAC while also providing proofs of security. In particular, for a message smaller than a block our MAC only requires one call to the compression function.

Metadata
Available format(s)
PS
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
message authenticationMACHMACMD5SHA-1
Contact author(s)
sarvar @ lucent com
History
2001-11-14: received
Short URL
https://ia.cr/2001/097
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2001/097,
      author = {Sarvar Patel},
      title = {An Efficient MAC for Short Messages},
      howpublished = {Cryptology ePrint Archive, Paper 2001/097},
      year = {2001},
      note = {\url{https://eprint.iacr.org/2001/097}},
      url = {https://eprint.iacr.org/2001/097}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.