ISO/IEC 9797-2:2011 信息技术 安全技术 电文鉴别代码(MACs) 第2部分:用专用散列函数的机制
标准编号:ISO/IEC 9797-2:2011
中文名称:信息技术 安全技术 电文鉴别代码(MACs) 第2部分:用专用散列函数的机制
英文名称:Information technology — Security techniques — Message Authentication Codes (MACs) — Part 2: Mechanisms using a dedicated hash-function
发布日期:2011-05
标准范围
消息验证码(MAC)算法是将短字符串(消息验证码或MAC)计算为数据的每个比特和密钥的复杂函数的数据完整性机制。它们的主要安全特性是不可伪造性:不知道密钥的人不应该能够预测任何新数据字符串上的MAC。MAC算法可以用于提供数据完整性。其目的是检测任何未经授权的数据修改,如删除、插入或运输数据中的项目。这包括恶意修改和意外修改。MAC算法还可以提供数据源身份验证。这意味着它们可以保证消息是由拥有特定密钥的实体发起的。ISO/IEC 9797-2:2011规定了三种基于专用散列函数的MAC算法(选自ISO/IEC 10118-3)。ISO/IEC 9797-2:2011规定了三种MAC算法,它们使用密钥和具有n位结果的散列函数(或其舍入函数)来计算m位MAC。数据完整性机制和消息认证机制的强度取决于密钥的长度(以比特为单位)k和保密性,取决于哈希函数的长度(以比特计)n及其强度,取决于MAC的长度(按比特计)m,以及取决于特定机制。ISO/IEC 9797-2:2011中规定的第一种机制通常称为MDx MAC。它只调用了一次完整的散列函数,但对round进行了小的修改-函数,方法是在round函数中的加法常数中添加一个键。ISO/IEC 9797-2:2011中规定的第二种机制通常称为HMAC。它调用完整的散列函数两次。ISO/IEC 9797-2:2011中规定的第三种机制是MDx MAC的变体,它只接受短字符串(最多256位)作为输入。它为仅使用短输入字符串的应用程序提供了更高的性能。
Message Authentication Code (MAC) algorithms are data integrity mechanisms that compute a short string (the Message Authentication Code or MAC) as a complex function of every bit of the data and of a secret key. Their main security property is unforgeability: someone who does not know the secret key should not be able to predict the MAC on any new data string.MAC algorithms can be used to provide data integrity. Their purpose is the detection of any unauthorized modification of the data such as deletion, insertion, or transportation of items within data. This includes both malicious and accidental modifications. MAC algorithms can also provide data origin authentication. This means that they can provide assurance that a message has been originated by an entity in possession of a specific secret key.ISO/IEC 9797-2:2011 specifies three MAC algorithms that are based on a dedicated hash-function (selected from ISO/IEC 10118-3).ISO/IEC 9797-2:2011 specifies three MAC algorithms that use a secret key and a hash-function (or its round-function) with an n-bit result to calculate an m-bit MAC.The strength of the data integrity mechanism and message authentication mechanism is dependent on the length (in bits) k and secrecy of the key, on the length (in bits) n of the hash-function and its strength, on the length (in bits) m of the MAC, and on the specific mechanism.The first mechanism specified in ISO/IEC 9797-2:2011 is commonly known as MDx-MAC. It calls the complete hash-function once, but it makes a small modification to the round-function by adding a key to the additive constants in the round-function. The second mechanism specified in ISO/IEC 9797-2:2011 is commonly known as HMAC. It calls the complete hash-function twice. The third mechanism specified in ISO/IEC 9797-2:2011 is a variant of MDx-MAC that takes as input only short strings (at most 256 bits). It offers a higher performance for applications that work with short input strings only.
标准预览图
