Implementing Cryptography Using Python
Chapter 7 ■ Message Integrity 201
private key. This means that anyone who has the sender’s public key can
decrypt the MAC and compare it with the message; the scheme provides
authentication rather than confidentiality. This is the basic concept behind
a digital signature.
■■
Symmetric public-key confidentiality: This scheme builds on the
public-key MAC. The message is concatenated with the MAC encrypted under
the sender’s private key, and the concatenated result is then encrypted
again with a symmetric key. The scheme is frequently used when both
authentication and confidentiality are needed.
■■
Hidden secret: In this scheme, nothing is encrypted. The sender
appends a secret string S, also known to the receiver, to the message,
computes the MAC over the message plus S, and then strips S before sending
the message and the MAC. To authenticate the received message, the
receiver appends the same secret string S to it, recomputes the MAC, and
checks that the two tags match.
■■
Symmetric key confidentiality: This scheme is similar to symmetric
public-key confidentiality, except that the sender encrypts the MAC with a
symmetric key instead of a public key. The encrypted MAC is then concatenated
to the message, and the whole is encrypted again.
You might wonder why we do not do something simple like H(K|m) for some
secure hash function H, that is, hash the secret key followed by the message.
We do not explore the details of how hash functions compress large amounts of
data down to a fixed length, but most of them use something analogous to a
block cipher mode for compression, called the Merkle-Damgård construction. The
heart of such a hash function is a “compressor” that takes in two fixed-length
inputs, the current chaining value and one block of the message, and spits out
a new chaining value of the same length. The message is padded to a whole
number of blocks, the blocks are fed through the compressor one after another,
and the final chaining value is the hash output. Knowing that, an attacker who
holds one valid tag H(K|m) and knows only the length of K can forge tags
without the secret key: the tag is exactly the internal state after the hash
absorbed K, m and the padding, so the attacker can resume the hash from that
state and compute a valid tag for m, the padding, and any suffix of their
choosing. This is the length-extension attack, and it is why H(K|m) is not a
secure MAC. Next, you will learn how to generate your first cryptographically
secure MAC, which is a clever application of hashing to generate a
difficult-to-forge tag. The system is called the Hash-based Message
Authentication Code, or HMAC.
Hash-based Message Authentication Code
A widely used cryptographically secure MAC is the Hash-based Message
Authentication Code (HMAC). It is built on a cryptographic hash function,
and for the hash function to be considered cryptographically secure, it must
satisfy two properties:
■■
One-way property: The one-way property refers to a hash function that
makes it computationally infeasible to find a message that corresponds
to a given hash value.
■■
Strong collision resistance property: The strong collision resistance
property refers to a hash function that makes it computationally infeasible
to find two different messages that hash to the same value.
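HMAC written out from its definition, as an added example that is not code from the book: the nested construction H((K’ xor opad) || H((K’ xor ipad) || m)) comes from RFC 2104 and is not printed on this page; the key-length handling (hash keys longer than one block, zero-pad every key to the block size) is also RFC 2104’s. The result is cross-checked against Python’s hmac module, and the receiver-side check uses a constant-time comparison. The key and message are constructed sample values.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 absorbs 64-byte blocks; HMAC brings the key to exactly this size

def hmac_sha256(key, message):
    """HMAC-SHA256 from the RFC 2104 definition:
       HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m)),
    where K' is the key hashed if longer than a block, then zero-padded to a block."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")
    ipad_key = bytes(b ^ 0x36 for b in key)
    opad_key = bytes(b ^ 0x5c for b in key)
    inner = hashlib.sha256(ipad_key + message).digest()
    # The outer hash is what defeats length extension: the transmitted tag is the state of a
    # hash over opad_key|inner, not of a hash the attacker can resume over the message itself.
    return hashlib.sha256(opad_key + inner).digest()

def matches_stdlib(key, message):
    """Cross-check the hand-written construction against Python's hmac module."""
    return hmac_sha256(key, message) == hmac.new(key, message, hashlib.sha256).digest()

def verify(key, message, tag):
    """Receiver side. compare_digest takes the same time whether the first or the last byte
    differs; a plain == would let a remote attacker learn the tag one byte at a time."""
    return hmac.compare_digest(hmac_sha256(key, message), tag)

if __name__ == "__main__":
    key = b"shared-secret"                      # constructed sample key known to both parties
    message = b"transfer 100 to alice"
    tag = hmac_sha256(key, message)
    print(tag.hex())
    print(verify(key, message, tag))            # True
    print(verify(key, message + b"0", tag))     # False: any change to the message breaks the tag
    print(matches_stdlib(b"k" * 100, message))  # True, also for a key longer than one block
```

In practice you would call hmac.new and hmac.compare_digest directly; the hand-written version is only there to make the two hash invocations and the padded key visible.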