In Introduction to Cryptographic Hash Functions for the Working Developer, I presented a straight to the point, overview of some essential things a developer should know about cryptographic hash functions.

This post continues in the theme around hash functions, by taking a look at another cryptographic construction hash functions make possible, that is: Message Authentication Codes (MACs).

It is worth quoting Bruce schneier again:

Much more than encryption algorithms, one-way hash functions are the workhouses of modern cryptography

Because Message Authentication Code based on hash functions is a perfect demonstration of how crucial hash functions are.

This post contains the following sections:

- Why Hash Functions alone are not enough
- What is Message Authentication Code
- What is a Hash Based Authentication Code (HMAC)
- What is a Keccak Based Authentication Code (KMAC)
- Some real world applications of Message Authentication Code

### Hash Functions alone are not enough

### What is Message Authentication Code

A message authentication code, is extra data or information that is used to confirm that a piece of data came from the stated sender (confirming authenticity) and has not been changed (providing integrity). This piece of extra data/information is often referred to as the authentication tag.

In general authentication tag can be broadly classified into 4 categories: unconditionally secure, hash function-based, stream cipher-based and block cipher-based. In this post, I would only be touching on two of the hash function-based: HMAC (Keyed-hash message authentication code) and KMAC (KECCAK Message Authentication Code).

In summary, the *hash function based MACs* can be seen as a mix of a hash function and a secret. Let's look first at HMACs.

### What is HMAC

HMAC is a MAC created from using a cryptographic hash function and a secret cryptographic key.

The cryptographic hash function can be any secure hash function, such as SHA-2 or SHA-3. This is reflected in the name of the given HMAC. For example, HMAC-SHA256 and HMAC-SHA3-512 is created using a secret key with SHA-2 (256) and SHA-3 (512) respectively.

As noted in Introduction to Cryptographic Hash Functions for the Working Developer naively using SHA-2 to hash concatenated secrets with a message is insecure due to the weakness of SHA-2 to the length extension attack. This is why HMAC is needed when the requirement is to use SHA-2 with a key in other to create an authenticated tag.

Although it is beyond the scope of this post to dig into how HMAC works, it is worth pointing out that HMAC construction is not a naive concatenation of secret keys and data. HMAC uses a nested construction which avoids the length extension attack pitfall, Hence it is a special one that takes care of combining secret keys and data together in such a way to avoid being susceptible to the length extension attack.

SHA-3 on the other hand is not susceptible to the length extension attack and it is relatively safe to create an authentication tag manually using SHA-3-512(πΎπΈπ‖πππ π πππ), but since the HMAC construction is available, it is also possible to use the construction with SHA-3 instead, hence HMAC-SHA3-512.

Using HMAC-SHA3-512 is not advised though, as it is not efficient. As stated in NIST SP 800-185

KMAC is a keyed hash function or pseudo-random function (PRF) that can be used, e.g., to compute a message authentication code (MAC) or to derive a session key from a master key. It is more efficient than HMAC by removing the need for HMAC's nested construction

Hence when there is the need to use SHA-3 hash functions to create authentication tag, it is preferable to do so using KMAC, which we look at next.

### What is KMAC

The KECCAK Message Authentication Code (KMAC) algorithm is also a keyed hash function but based on KECCAK.

It provides variable-length output, and unlike SHAKE and cSHAKE, altering the requested output length also generates a new, unrelated output.

KMAC has two variants, KMAC128 and KMAC256, built from cSHAKE128 and cSHAKE256, respectively.

### Some real world applications of Message Authentication Code

**JSON Web Token**

**HMAC-based one-time password**

**Signing HTTP Requests**

## No comments:

Post a Comment