What is a Message Authentication Code (MAC), and what two security properties does it provide?
A keyed cryptographic checksum that proves two things: (1) the message wasn't modified (integrity), and (2) it was produced by someone who knows the shared key (authenticity).
The protocol: Alice and Bob share a secret key k. Alice sends (message, MAC(k, message)). Bob recomputes the MAC over the received message with his copy of k and compares. Equal → message is authentic and unchanged. Different → tampered or forged.
Two security properties:
| Property | What it means | Without it... |
|---|---|---|
| Daten-Integrität (Data Integrity) | The message wasn't modified in transit | Eve could flip bits, change amounts, swap recipients |
| Benutzer-Authentizität (User Authenticity) | The sender knows the shared key (and Eve doesn't) | Eve could fabricate messages and Bob would accept them |
MAC is NOT encryption. A MAC by itself does not hide the message — it just adds a tag. For confidentiality + integrity together, use authenticated encryption (AEAD: AES-GCM, ChaCha20-Poly1305).
MAC vs digital signature:
| MAC | Digital signature | |
|---|---|---|
| Key | Shared symmetric secret | Sender's private key, verifier uses public key |
| Speed | Very fast | Slower (RSA/ECDSA operations) |
| Non-repudiation | ❌ Either party could have made the MAC | ✅ Only the private-key holder could have signed |
Two ways to build MACs:
- Block cipher based: CMAC, GMAC (the MAC half of GCM).
- Hash function based: HMAC (RFC 2104) — used everywhere in TLS, JWT, API signing.
Tip: MACs are the workhorse of "did this message really come from a trusted source and arrive intact?" Almost every authenticated network protocol uses one. Always verify the MAC before processing the message — otherwise you might be processing attacker-controlled data.