Quiz Entry - updated: 2026.07.14
How does a MAC (Message Authentication Code) work?
A MAC is computed using a shared secret key and appended to the message — the receiver recomputes it to verify integrity and authenticity.
* Alice tags m with h(K,m); Bob recomputes and compares — integrity and authenticity, not non-repudiation. *
The process:
- Sender (Alice): Computes $\text{MAC} = h(K, m)$ where $K$ is the shared key and $m$ is the message
- Sends: Both $m$ and the MAC (called the "authentication value" or "Authentikationswert")
- Receiver (Bob): Recomputes $h(K, m)$ using the same shared key $K$
- Verifies: If the recomputed MAC matches the received MAC, the message is authentic and unmodified
Key point: The MAC key is symmetric — both Alice and Bob share the same key $K_G = K_V$ (generation key = verification key). This means a MAC cannot provide non-repudiation, because Bob could have generated the MAC himself.
Go deeper:
Message authentication code — the standard reference on MACs.
RFC 2104 — HMAC — the keyed-hash MAC construction, as a primary spec.