Message Authentication Codes (MAC)
Overview
The message authentication code (MAC) is generated from an associated message as a method for assuring the integrity of the message and the authenticity of the source of the message. A secret key to the generation algorithm must be established between the originator of the message and its intended receiver(s).
Approved Algorithms
Currently, there are three approved* general-purpose MAC algorithms: HMAC, KMAC, and CMAC.
- Keyed-Hash Message Authentication Code (HMAC)
  - The initial public draft of NIST SP 800-224, Keyed-Hash Message Authentication Code (HMAC): Specification of HMAC and Recommendations for Message Authentication, was released for public comment on June 28, 2024, and the comment period closed September 6, 2024. This publication was proposed by the NIST Crypto Publication Review Board based on the reviews of FIPS 198-1 and SP 800-107r1 in 2022. The final version of SP 800-224 is expected to be published concurrently with the withdrawal of FIPS 198-1.
  - FIPS 198-1, The Keyed-Hash Message Authentication Code (HMAC) (July 2008), specifies a mechanism for message authentication using an approved hash function. The approved hash functions are specified in FIPS 180-4, Secure Hash Standard, and FIPS 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. Specific guidelines in connection with HMAC's security properties are provided in NIST SP 800-107 Revision 1, Recommendation for Applications Using Approved Hash Algorithms.
  - 6/23/25 - See a Federal Register Notice announcing NIST's proposal to officially withdraw FIPS 198-1 and move the HMAC specification to SP 800-224. Comments are due by 7/23/25.
- KECCAK Message Authentication Code (KMAC)
- CMAC Mode for Authentication
Notes
- The CCM and GCM algorithms for authenticated encryption—each constructed from an approved block cipher—can be specialized to MAC algorithms if no data is to be encrypted. In the case of GCM, this specialization has a separate name, GMAC.
- An earlier FIPS—FIPS 113, Computer Data Authentication—specified a Message Authentication Code; it was withdrawn in September 2008.
Testing HMAC, CMAC and GMAC Implementations
Testing requirements and validation lists are available from the Cryptographic Algorithm Validation Program (CAVP).
Implementation-related References
*Note: FIPS-approved and/or NIST-recommended. An algorithm or technique that is either 1) specified in a FIPS or NIST recommendation, 2) adopted in a FIPS or NIST recommendation, or 3) specified in a list of NIST-approved security functions.
Created January 04, 2017, Updated June 23, 2025