Can a MAC be used as a HMAC?

Question

I am reading through an information security book right now, and a confusing question poses itself to me:

"Could you use a MAC as a HMAC? That is, does a MAC satisfy the same properties that a HMAC satisfies?"

The book then goes on to give a hint about how MACs are computed by CBC mode of a given symmetric block cipher that involves K the key, and to consider when K is known to an attacker for both HMAC and MAC.

Here's the confusing part: Isn't a MAC just a code created from a MAC algorithm, while a HMAC is a type of MAC algorithm? I do not see how any of these hints could be applicable to the question when a MAC and a HMAC are so clearly similar (to a novice).

Am I right in this thinking?

Does this give an answer to your question What is the difference between MAC and HMAC? — kelalaka, Mar 01 '20 at 16:28
Your understanding is correct and the book is using the terms incorrectly. Could you share which book this is? — Maeher, Mar 01 '20 at 16:44
Please use the edit feature for corrections, clarifications, and cleanup only. This network of websites frowns upon edits that change the direction of a question from its original form. It's preferred that people post new questions instead. — Future Security, Mar 03 '20 at 18:07

score 5 · Answer 1 · answered Mar 01 '20 at 23:17

5

HMAC is a type of MAC. The output of a MAC is called a "tag". Not all MAC (algorithms) are HMAC.

MACs are not required to be one-way or collision resistant for someone who knows the key. HMAC, however, inherits the one-way-ness and collision resistance of the underlying hash function.

A CBC-based MAC is mentioned as a hint because it is almost trivial to find preimage values for any given tag value. That also makes collision attacks trivial.

answered Mar 01 '20 at 23:17

Future Security

3,313
1
8
26

A related answer from the question kelalaka linked, which I didn't notice. I didn't mention PRFs, but it is another important aspect of HMAC. (All PRFs can be used as MACs, but not all MACs can be used as PRFs.) – Future Security Mar 03 '20 at 22:04

score 1 · Answer 2 · answered Mar 04 '20 at 01:37

"Could you use an MAC as an HMAC? That is, does a MAC satisfy the same properties that an HMAC satisfies?"

No, only HMAC is a HMAC. And of course any common MAC can be used in the same role as HMAC, as HMAC is just a MAC after all.

However, terms can be confusing here. HMAC is a specific algorithm, however MAC can have two different meanings: MAC could be a generic term for a message authentication code, or it could mean a MAC that is build from a block cipher. Unfortunately there is no specialized term or acronym for the latter.

So basically we are left with the following tree:

                    MAC
                  /     \   ...
                MAC       ?
              /   \      /   \ 
           CMAC   CBC-  HMAC  KMAC
                  MAC

Which makes little to no sense at all.

Better call the second MAC "cipher-based MAC" and call the "?" a "hash-based MAC" then.

Can a MAC be used as a HMAC?

2 Answers2