The HMAC papers

HMAC is a hash function based message authentication code that was designed to meet the requierments of the IPSEC working group in the IETF, and is now a standard. The main technical paper on the subject, containing the formal security analysis, is Keying hash functions for message authentication. A less technical explanation of the function and its security properties can be found in our CryptoBytes article. Our Internet RFC documents the standard. Information on implementations, test vectors, and usage can be found in the related work and links section.


Keying hash functions for message authentication

Authors: M. Bellare, R. Canetti, and H. Krawczyk

Abstract: The use of cryptographic hash functions like MD5 or SHA for message authentication has become a standard approach in many Internet applications and protocols. Though very easy to implement, these mechanisms are usually based on ad hoc techniques that lack a sound security analysis.

We present new constructions of message authentication schemes based on a cryptographic hash function. Our schemes, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths. Moreover we show, in a quantitative way, that the schemes retain almost all the security of the underlying hash function. In addition our schemes are efficient and practical. Their performance is essentially that of the underlying hash function. Moreover they use the hash function (or its compression function) as a black box, so that widely available library code or hardware can be used to implement them in a simple way, and replaceability of the underlying hash function is easily supported.

Ref: Extended abstract was in Advances in Cryptology - Crypto 96 Proceedings, Lecture Notes in Computer Science Vol. 1109, N. Koblitz ed, Springer-Verlag, 1996. Full paper available below.

Full paper: Available as compressed postscript, postscript, or pdf. ( Help if this doesn't work).


Message authentication using hash functions: The HMAC construction

Authors: M. Bellare, R. Canetti, and H. Krawczyk

Abstract: We describe HMAC and explain its security properties.

Ref: RSA Laboratories' CryptoBytes Vol. 2, No. 1, Spring 1996.

Text available: As compressed postscript, postscript, or pdf. ( Help if this doesn't work).


HMAC: Keyed-Hashing for Message Authentication

Authors: H. Krawczyk, M. Bellare, and R. Canetti

Ref: Internet RFC 2104, February 1997.

Text of the RFC: Available here


Related work and links