In cryptography, a message authentication code based on universal hashing, or UMAC, is a type of message authentication code (MAC) calculated choosing a hash function from a class of hash functions according to some secret (random) process and applying it to the message. The resulting digest or fingerprint is then encrypted to hide the identity of the hash function used. As with any MAC, it may be used to simultaneously verify both the "data integrity" and the "authenticity" of a message. A UMAC has provable cryptographic strength and is usually a lot less computationally intensive than other MACs.

Universal Hashing

Let's say the hash function is chosen from a class of hash functions H, which maps messages into D, the set of possible message digests. This class is called universal if, for any distinct pair of messages, there are at most |H|/|D| functions that map them to the same member of D.

This means that if an attacker wants to replace one message with another and, from his point of view the hash function was chosen completely randomly, the probability that the UMAC will not detect his modification is at most 1/|D|.

But this definition is not strong enough — if the possible messages are 0 and 1, D={0,1} and H consists of the identity operation and "not", H is universal. But if the digest is then encrypted by modular addition, the attacker can change the message and the digest at the same time and the receiver wouldn't know the difference.

trongly universal hashing

A class of hash functions H that is good to use will make it difficult for an attacker to guess the correct digest "d" of a fake message "f" after intercepting one message "a" with digest "c". In other words:Pr_{h in H} [h(f)=d|h(a)=c] needs to be very small, preferably 1/|D|.

It's easy to construct a class of hash functions when D is field. For example if |D| is prime, all the operations are taken modulo |D|. The message "a" is then encoded as an n-dimensional vector over D (a1,a2,..,an). H then has |D|n+1 members, each corresponding to an n+1-dimensional vector over D (h0,h1,..,hn). If we let: h(a)=h_0+sum_{i=1}^n h_ia_iwe can use the rules of probabilities and combinatorics to prove that:Pr_{h in H} [h(f)=d|h(a)=c] ={1 over |D

If we properly encrypt all the digests (e.g. with a one-time pad), an attacker cannot learn anything from them and the same hash function can be used for all communication between the two parties. This may not be true for ECB encryption because it may be quite likely that two messages produce the same hash value. Then some kind of initialization vector should be used, which is often called the nonce. It has become common practice to set h0=f(nonce), where f is also secret.

Notice that having massive amounts of computer power does not help the attacker at all. If the recipient limits the amount of forgeries it accepts (by sleeping whenever it detects one), |D| can be 232 or smaller.


The following C function generates a 24 bit UMAC. It assumes that 'secret' is a multiple of 24 bits, 'msg' is not longer than 'secret' and 'result' already contains the 24 secret bits e.g. f(nonce). nonce does not need to be contained in 'msg'.

#define uchar unsigned char void UHash24 (uchar *msg, uchar *secret, int len, uchar *result) { uchar r1 = 0, r2 = 0, r3 = 0, s1, s2, s3, byteCnt = 0, bitCnt, byte; while (len-- > 0) { if (byteCnt-- = 0) { s1 = *secret++; s2 = *secret++; s3 = *secret++; byteCnt = 2; } byte = *msg++; for (bitCnt = 0; bitCnt < 8; bitCnt++) { if (byte & 1) { /* msg not divisible by x */ r1 ^= s1; /* so add s * 1 */ r2 ^= s2; r3 ^= s3; } byte >>= 1; /* divide message by x */ if (s3 & 0x80) { /* and multiply secret with x, subtracting the polynomial when necessary to keep it's order under 24*/ s3 <<= 1; if (s2 & 0x80) s3 |= 1; s2 <<= 1; if (s1 & 0x80) s2 |= 1; s1 <<= 1; s1 ^= 0x1B; /* x^24 + x^4 + x^3 + x + 1 */ } else { s3 <<= 1; if (s2 & 0x80) s3 |= 1; s2 <<= 1; if (s1 & 0x80) s2 |= 1; s1 <<= 1; } } /* for each bit in the message */ } /* for each byte in the message */ *result++ ^= r1; *result++ ^= r2; *result++ ^= r3; }


* [ UMAC] has been approved by the IETF as an informational RFC. It's fast and based on AES.

ee also

* Poly1305-AES is another fast MAC based on strongly universal hashing and AES.

Wikimedia Foundation. 2010.

Look at other dictionaries:

  • UMAC — (англ. message authentication code based on universal hashing, universal MAC, код аутентификации сообщения на основе универсального хеширования)  один из видов кода аутентичности сообщений (MAC). Содержание 1 История 2 Описание …   Википедия

  • UMAC — En criptografía, un código de autenticación de mensajes basado en hashing universal o UMAC es un tipo de código de autenticación de mensajes (MAC) que se calcula elijiendo una función de hash de una clase de funciones de hash de acuerdo a algún… …   Wikipedia Español

  • umac — is. Ovulmuş undan bişirilən duru xörək və bu xörək üçün üstünə su səpilərək hazırlanan xəmir ovuntularının özü (xalq arasında adətən tərləmək üçün soyuq dəymiş adamlara verilir). <Ağa Kərim xan:> . . Haflama gürzə, qurutlu aş, mal ətinin… …   Azərbaycan dilinin izahlı lüğəti

  • UMAC — Upper Merion Aquatic Club (Community » Sports) …   Abbreviations dictionary

  • UMAC — Upper Midwest Aerospace Consortium Contributor: GSFC …   NASA Acronyms

  • UMAC — abbr. Universal Motion and Automation Controller …   Dictionary of abbreviations

  • University of Macau — Infobox University name = University of Macau Universidade de Macau 澳門大學 motto = Benevolence, righteousness, propriety, wisdom and sincerity (Traditional Chinese:仁義禮智信) established = 1981 type = Public location = Av. Padre Tomás Pereira Taipa,… …   Wikipedia

  • The College of St. Scholastica — College of St. Scholastica Motto Omnes semitae eius pacificae Motto in English Her ways are ways of beauty, and all her paths are peace. Established …   Wikipedia

  • Ken Crandall — College coach infobox Name = Ken Crandall | Caption = DateOfBirth = Birthplace = DateOfDeath = Sport = College football College = Title = CurrentRecord = OverallRecord = Awards = 2006 UMAC North Division Coach of the Year 2006 UMAC Conference… …   Wikipedia

  • Hespos — Hans Joachim Hespos (* 13. März 1938 in Emden) ist ein deutscher Komponist und Verleger seiner eigenen Arbeiten. Inhaltsverzeichnis 1 Leben 2 Musikalisches Wirken 3 Auszeichnungen 4 Uraufführung …   Deutsch Wikipedia