Working of Message Authentication Code (original) (raw)

Last Updated : 8 Apr, 2026

Secure communication over networks requires ensuring that messages are not altered and originate from a legitimate sender. During transmission, messages may be affected by malicious attacks or accidental changes, such as noise. To address this issue, a cryptographic technique called Message Authentication Code (MAC) is used.

Message Authentication Code (MAC) verifies message integrity and authenticity using a cryptographic technique.
The sender and receiver share a secret key to generate an authentication value.
Sender creates a MAC value from the message and the key, then sends both together.
The receiver recomputes MAC, and matching values confirm authenticity and no alteration.

mac value generation

Components of MAC

**Message (M): Original data to be transmitted.
**Key (k): Secret key shared between sender and receiver.
**MAC Algorithm: A function used to generate a MAC value.
**MAC Value (Tag): Fixed-size output used for verification.

Working of MAC

Sender takes message M and secret key k.
MAC algorithm generates a MAC value.
Sender transmits (M, MAC).
The receiver computes the MAC using the received message.
The receiver compares both MAC values.
If equal → Message is authentic.
If not equal → Message is rejected.

Models of Message Authentication Code

There are different types of models of Message Authentication Code (MAC) as follows:

**MAC without encryption - This model can provide authentication but not confidentiality as anyone can see the message.
**Internal Error Code - In this model of MAC, sender encrypts the content before sending it through network for confidentiality. Thus this model provides confidentiality as well as authentication.

M' = MAC(M, k)

3. **External Error Code - For cases when there is an alteration in message, we decrypt it for waste, to overcome that problem, we opt for external error code. Here we first apply MAC on the encrypted message 'c' and compare it with received MAC value on the receiver's side and then decrypt 'c' if they both are same, else we simply discard the content received. Thus it saves time.
c = E(M, k')
M' = MAC(c, k)

**Problems in MAC -

Reverse engineering may expose plain text or even key due to predictable input-output mapping, to overcome this limitation, hash functions are used, as hash functions operate in one-way manner and prevent reverse computation.

Advantages

Ensures message integrity by detecting any modification.
Verifies authenticity of sender using shared secret key.
Faster and more efficient compared to full encryption methods.
Widely used across network security protocols.
Provides simple and reliable method for message validation.

Limitations

Does not provide confidentiality if used alone.
Requires secure method for key sharing between parties.
Weak algorithms increase risk of compromise.
Cannot prevent replay attacks without additional controls.
Key management becomes challenging in large systems.

Applications

Used in secure communication protocols such as SSL/TLS.
Supports API authentication for validating requests.
Works alongside digital signatures for enhanced security.
Protects banking and financial transactions from tampering.
Ensures data integrity during transmission and storage.

Important Note

Symbol E denotes symmetric key encryption.
Modern systems commonly use HMAC (Hash-based MAC) for better security.