What security properties does a MAC provide vs. a digital signature?
A MAC provides integrity and authenticity but not non-repudiation; a digital signature provides all three including non-repudiation of origin.
Comparison:
| Property | MAC | Digital Signature |
|---|---|---|
| Data integrity | Yes | Yes |
| Data origin authentication | Yes | Yes |
| Insertion protection | Yes | Yes |
| Non-repudiation of origin | No | Yes |
| Key management | Symmetric (shared secret) | Asymmetric (key pair) |
| Speed | Fast | Slower |
Why MAC lacks non-repudiation: Since $K_G = K_V$ (shared key), both Alice and Bob can generate valid MACs. Alice can say: "I didn't send that — Bob generated the MAC himself." There's no way to prove otherwise.
Why digital signatures have non-repudiation: Only Alice possesses $K_{priv,A}$. If a signature verifies with $K_{pub,A}$, Alice must have created it. She cannot deny it (assuming her private key wasn't compromised).
Tip: If you need a legal "proof of sending" (like a registered letter), you need digital signatures. If you just need to verify integrity between trusted partners, a MAC is faster and simpler.
Go deeper:
Non-repudiation — the property only signatures add over a MAC.