, a message authentication code based on universal hashing
, or UMAC
, is a type of message authentication code
(MAC) calculated choosing a hash function from a class of hash functions according to some secret (random) process and applying it to the message. The resulting digest or fingerprint is then encrypted to hide the identity of the hash function used. As with any MAC, it may be used to simultaneously verify both the data integrity
and the authenticity
of a message
. A UMAC has provable cryptographic strength and is usually a lot less computationally intensive than other MACs.
Let's say the hash function is chosen from a class of hash functions H, which maps messages into D, the set of possible message digests. This class is called universal
if, for any distinct pair of messages, there are at most |H|/|D| functions that map them to the same member of D.
This means that if an attacker wants to replace one message with another and, from his point of view the hash function was chosen completely randomly, the probability that the UMAC will not detect his modification is at most 1/|D|.
But this definition is not strong enough — if the possible messages are 0 and 1, D= and H consists of the identity operation and not
, H is universal. But if the digest is then encrypted by modular addition, the attacker can change the message and the digest at the same time and the receiver wouldn't know the difference.
Strongly universal hashing
A... Read More