Department of Computer Science; 545 Technology Square, Cambridge, MA 02139. Email
Engineering, Mail Code 0114, University of California at San Diego, 9500; Gilman Drive, La Jolla, CA 92093.;. http://www-cse.ucsd.edu/users/mihir.; canetti@theory.; IBM T.J. Watson Research Center, PO Box 704, Yorktown Heights, New York 10598. Email:hug
The use of cryptographic hash functions like MD5 or SHA for message authentication has become a standard approach in many Internet applications and protocols. Though very easy to implement, these mechanisms are usually based on ad hoc techniques that lack a sound security analysis. We present new, simple, and practical constructions of message authentication schemes based on a cryptographic hash function. Our schemes, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths. Moreover, the security of our schemes is tightly related to that of the hash function. In addition our schemes are efficient and practical. Their performance is essentially that of the underlying hash function. Moreover they use the hash function (or its compression function) as a black box, so that widely available library code or hardware can be used to implement them in a simple way.