An Efficient MAC for Short Messages

  • Sarvar Patel
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2595)


HMAC is the internet standard for message authentication [BCK96],[KBC97]. What distinguishes HMAC from otherMAC algorithms is that it provides proofs of security assuming that the underlying cryptographic hash (e.g. SHA-1) has some reasonable properties. HMAC is efficient for long messages, however, for short messages the nested constructions results in a significant inefficiency. For example to MAC a message shorter than a block, HMAC requires at least two calls to the compression function rather than one.

This inefficiency may be particularly high for some applications, like message authentication of signaling messages, where the individual messages may all fit within one or two blocks. Also for TCP/IP trafic it is well known that a large number of packets (e.g. acknowledgement) have sizes around 40 bytes which fit within a block of most cryptographic hashes. We propose an enhancement that allows both short and long messages to be message authenticated more efficiently than HMAC while also providing proofs of security. In particular, for a message smaller than a block our MAC only requires one call to the compression function.


Hash Function Cipher Block Single Block Short Message Message Authentication Code 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [BCK96]
    M. Bellare, R. Canetti, and H. Krawczyk. Keying hash functions for message authentication. CRYPTO 96.Google Scholar
  2. [KBC97]
    H. Krawczyk, M. Bellare, and R. Canetti. HMAC: Keyed-hash functions for message authentication, IETF RFC-2104, Feb 1997.Google Scholar
  3. [BKR94]
    M. Bellare, J. Kilian and P. Rogaway. The security of cipher block chaining. CRYPTO 94Google Scholar
  4. [GMR88]
    O. Goldwasser, S. Micali, and R. Rivest. A digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks. Siam Journal of Computing, 1988, pg 281–308.MathSciNetCrossRefGoogle Scholar
  5. [PV95]
    B. Preneel and P.C. van Oorschot. MD-x MAC and building fast MACs from hash functions, CRYPTO 95.Google Scholar
  6. [R92]
    R. Rivest. The MD5 message digest algorithm. IETF RFC-1321, 1992.Google Scholar
  7. [WC81]
    M. Wegman and L. Carter. New hash funcitons and their use in authentication and set equality. Journal of Computer and System Sciences, 22:265–279, 1981.MathSciNetCrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Sarvar Patel
    • 1
  1. 1.Bell LabsLucent TechnologiesWhippanyUSA

Personalised recommendations