scope:

This part of ISO/IEC 9797 specifies four MAC algorithms that use a secret key and a universal hash-function with an n-bit result to calculate an m-bit MAC. These mechanisms can be used as data integrity mechanisms to verify that data has not been altered in an unauthorised manner. They can also be used as message authentication mechanisms to provide assurance that a message has been originated by an entity in possession of the secret key. The strength of the data integrity mechanism and message authentication mechanism is dependent on the length (in bits) and secrecy of the key, on the length (in bits) of a hash-code produced by the hash-function, on the strength of the hash-function, on the length (in bits) of the MAC, and on the specific mechanism. The four mechanisms specified in this part of ISO/IEC 9797 are based on the block ciphers specified in ISO/IEC 18033-3 and the stream ciphers specified in ISO/IEC 18033-4. 1) The first mechanism specified in this part of ISO/IEC 9797 is commonly known as UMAC. 2) The second mechanism specified in this part of ISO/IEC 9797 is commonly known as Badger. 3) The third mechanism specified in this part of ISO/IEC 9797 is known as Poly1305-AES. 4) The fourth mechanism specified in this part of ISO/IEC 9797 is known as GMAC. NOTE A general framework for the provision of integrity services is specified in ISO/IEC 10181-6[7].