MAC is a technique generates a small fixed-size block of data, using a secret key shared between sender and receiver(Symmetric Cryptography#), that will append to the message. It provides Security Services# such as Data Integrity# and data origin authentication# (whether the message is sent by the claimed sender).
The MAC, sometimes called cryptographic checksum, is computed based on the message itself using many-to-one function (many messages related to the same MAC), and it is not necessarily possible to revert to the original message by only using MAC. To verify MAC, the receiver performs the same computation as the sender did and compare the result with the received MAC to see if they are the same. The following #math notation shows the basic concept of MAC:
$$ \text{MAC} = C_K(M) $$
Where:
- \(M\) is a variable-length message
- \(K\) is a shared secret key
- \(C\) is a cryptographic algorithm used to encrypt \(M\)
Note: The key size and the MAC size determine how secure is the MAC is.
For MAC to be secure, there are several requirements for it:
- It should be computationally infeasible# to find another message with same MAC knowing a message and MAC
- MACs should be uniformly distributed so randomly chosen messages having less chance of having the same MAC
- MAC should depend equally on all bits of the message (Avalanche Effect)
Note: To crack the key, see Brute Force Attack.
The following shows several implementations of MAC: