ISO IEC 9797-2 pdf download

ISO IEC 9797-2 pdf download.Information technology — Security techniques — Message Authentication Codes (MACs) — Part 2: Mechanisms using a dedicated hash-function
1 Scope
This part of ISO/IEC 9797 specifies three MAC algorithms that use a secret key and a hash-function (or its round-function) with an n-bit result to calculate an m-bit MAC. These mechanisms can be used as data integrity mechanisms to verify that data has not been altered in an unauthorized manner. They can also be used as message authentication mechanisms to provide assurance that a message has been originated by an entity in possession of the secret key. The strength of the data integrity and message authentication mechanisms is dependent on the entropy and secrecy of the key, on the length (in bits) n of a hash-code produced by the hash-function, on the strength of the hash-function, on the length (in bits) m of the MAC, and on the specific mechanism. The three mechanisms specified in this part of ISO/IEC 9797 are based on the dedicated hash-functions specified in ISO/IEC 10118-3. The first mechanism is commonly known as MDx-MAC. It calls the hash- function once, but it makes a small modification to the round-function in the hash-function by adding a key to the additive constants in the round-function. The second mechanism is commonly known as HMAC. It calls the hash-function twice. The third mechanism is a variant of MDx-MAC that takes as input only short strings (at most 256 bits). It offers higher performance for applications that work with short input data strings only. This part of ISO/IEC 9797 can be applied to the security services of any security architecture, process, or application. NOTE A general framework for the provision of integrity services is specified in ISO/IEC 10181-6 [5].
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply. 3.1 block bit-string of length L 1 , i.e. the length of the first input to the round-function [ISO/IEC 10118-3] 3.2 collision-resistant hash-function hash-function satisfying the following property: – it is computationally infeasible to find any two distinct inputs which map to the same output [ISO/IEC 10118-1] 3.3 entropy total amount of information yielded by a set of bits, representative of the work effort required for an adversary to be able to reproduce the same set of bits [ISO/IEC 18032] 3.4 input data string string of bits which is the input to a hash-function 3.5 hash-code string of bits which is the output of a hash-function [ISO/IEC 10118-1] 3.6 hash-function function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties: – for a given output, it is computationally infeasible to find an input which maps to this output; – for a given input, it is computationally infeasible to find a second input which maps to the same output [ISO/IEC 10118-1] 3.7 initializing value value used in defining the starting point of a hash-function [ISO/IEC 10118-1] 3.8 MAC algorithm key key that controls the operation of a MAC algorithm [ISO/IEC 9797-1] 3.9 Message Authentication Code (MAC) string of bits which is the output of a MAC algorithm NOTE A MAC is sometimes called a cryptographic check value (see for example ISO 7498-2 [1]) . [ISO/IEC 9797-1] 3.10 Message Authentication Code (MAC) algorithm algorithm for computing a function which maps strings of bits and a secret key to fixed-length strings of bits, satisfying the following two properties: – for any key and any input string, the function can be computed efficiently; – for any fixed key, and given no prior knowledge of the key, it is computationally infeasible to compute the function value on any new input string, even given knowledge of the set of input strings and corresponding function values, where the value of the ith input string may have been chosen after observing the value of the first i-1 function values (for integer i > 1) NOTE 1 A MAC algorithm is sometimes called a cryptographic check function (see for example ISO 7498-2 [1]). NOTE 2 Computational feasibility depends on the user’s specific security requirements and environment. [ISO/IEC 9797-1] 3.11 output transformation function that is applied at the end of the MAC algorithm, before the truncation operation [ISO/IEC 9797-1] 3.12 padding appending extra bits to a data string [ISO/IEC 10118-1] 3.13 round-function function that transforms two binary strings of lengths L 1 and L 2 to a binary string of length L 2 NOTE 1 It is used iteratively as part of a hash-function, where it combines a data string of length L 1 with the previous output of length L 2 . [ISO/IEC 10118-1] NOTE 2 This function is also referred to as compression function in a certain hash-function text.