Keying hash functions for message authentication

Mihir Bellare, Ran Canetti, Hugo Krawczyk

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


The use of cryptographic hash functions like MD5 or SHA-1 for message authentication has become a standard approach in many applications, particularly Internet security protocols. Though very easy to implement, these mechanisms are usually based on ad hoc techniques that lack a sound security analysis. We present new, simple, and practical constructions of message authentication schemes based on a cryptographic hash function. Our schemes, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths. Moreover we show, in a quantitative way, that the schemes retain almost all the security of the underlying hash function. The performance of our schemes is essentially that of the underlying hash function. Moreover they use the hash function (or its compression function) as a black box, so that widely available library code or hardware can be used to implement them in a simple way, and replaceability of the underlying hash function is easily supported.

Original languageEnglish
Title of host publicationAdvances in Cryptology - CRYPT0 1996 - 16th Annual International Cryptology Conference, Proceedings
EditorsNeal Koblitz, Neal Koblitz
PublisherSpringer Verlag
Number of pages15
ISBN (Print)3540615121, 3540615121, 9783540615125, 9783540615125
StatePublished - 1996
Externally publishedYes
Event16th Annual International Cryptology Conference, CRYPT0 1996 - Santa Barbara, United States
Duration: 18 Aug 199622 Aug 1996

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference16th Annual International Cryptology Conference, CRYPT0 1996
Country/TerritoryUnited States
CitySanta Barbara


Dive into the research topics of 'Keying hash functions for message authentication'. Together they form a unique fingerprint.

Cite this