Concepts
MAC
MAC is used as a proof in symmetric key cryptography, which then is added to the end of the cryto messgae. At the receiver point, the receiver decrypt the message, generate a MAC from it and compare with the received MAC one. The integrity of the message can be guarrated practically in the case of the same recieved and computed MACs. A good illustration:
Based on the name, the MAC is used for authentication. Moreover, it is used to check the integrity and to become sure regarding non-repudiation of the message. Some important notes:
- MAC has a lower length in comparison with the plaintext. Thus, it is not unique like hash function. In other words, two different plaintexts may have the same MAC values. However, the likelihood of this occurrence is very low and thus it can be used for authentication and integrity.
- In comparison with checksum, a private key is used to generate MAC. So it can not be regenerated by an imaginary intruder, who has an oracle who decrypts the crypt massage.
- A good comparion between cryptography hash functions and MAC:
- The non-repudiation is still is a open question for me. I think the above table is correct in the sense that the length of MAC is lower than the length of the plaintext, but it is inpractical.!
Block cipher
MAC in ISO 8583
According to ISO-8583:2003 the MAC code should be in accordance with ISO 9807 code:
Thus I started to search for ISO 9807. The last version of ISO 9807 was published in 1991 according to the ISO site, which then revised by ISO16609:2004 and then ISO16609:2012 (to Buy and another site).
Since the ISO-8583 standard is not changed yet, and in addition the version of year 1991 is mandatory by the CBI, I do not follow the new standard in a detail way.
According to this C# implementation of ANSI X9.19 and this Spanish JAVA implementation of ANSI X9.19:
Moreover:
ISO/IEC 9797
The standard is well described in its wikipedia page. Only the MAC algorithm 1 is studied in this post.
MAC algorithm 1
This algorithm uses initial transformation 1 and output transformation 1. Only one key is required, K. (When the block cipher is DES, this is equivalent to the algorithm specified in FIPS PUB 113 Computer Data Authentication.[2]) Algorithm 1 is commonly known as CBC-MAC.[3]
Steps
- Padding of the data to a multiple of the cipher block size
- Splitting of the data into blocks
- Initial transformation of the first block of data
- Iteration through the remaining blocks of data
- Output transformation of the result of the last iteration
- Truncation of the result to the required length
Padding method 1
If necessary, add bits with value 0 to the end of the data until the padded data is a multiple of n. (If the original data was already a multiple of n, no bits are added.)
Splitting
The padded data D is split into q blocks D1, D2, … Dq, each of length n, suitable for the block cipher.
Initial transformation
A cryptographic operation is performed on the first block (D1), to create an intermediate block H1.
Initial transformation 1
D1 is encrypted with the key K: H1 = eK(D1)
Iteration
Blocks H2 … Hq are calculated by encrypting, with the key K, the bitwise exclusive-or of the corresponding data block and the previous H block.
for i = 2 to q: Hi = eK(Di ⊕ H(i-1))
If there is only one data block (q=1), this step is omitted.
Output transformation
A cryptographic operation is (optionally) performed on the last iteration output block Hq to produce the block G.
Output transformation 1
Hq is used unchanged: G = Hq
Implementation
Handy
The best found handy implementation: Orlin Grabbe.
C#
C# implementation of ANSI X9.19
Java
Spanish JAVA implementation of ANSI X9.19: