8

Does a scheme which provides data authenticity (e.g. HMAC or RSA signature) always implicitly provide integrity? It seems, to me at least, that it must by necessity. However, I have seen cryptographers reference MAC, MIC, and MAIC as separate terms. In my experience, that usually means that there's a subtle difference that's important to pay attention to. However, if MAC and MAIC are identical, what's the reason for the distinction?

Mike Edward Moras
  • 18,161
  • 12
  • 87
  • 240
Polynomial
  • 3,577
  • 4
  • 30
  • 45

2 Answers2

3

There are varying definitions of authenticity and integrity, but generally speaking, no.

In a cryptographic sense, authenticity indicates that a message was endorsed by a particular principal. This principal may endorse multiple messages, and the same authentication tag can validate distinct messages. For example, having a (secure) MAC guarantees the authenticity of the message, but does not guarantee its integrity (see Why have hashes when you have MACs?). HMAC guarantees authenticity and integrity, but other MACs typically only guarantee authenticity: the authenticating party can forge other messages with the same MAC value.

In a data flow sense, authenticity guarantees the provenance of a message, but it does not distinguish between different messages from the same principal. A mere authenticity check does not protect against replay attacks: a message that was authentic in a previous run of the protocol is still authentic now, but integrity demands that the message that is received is the message that was sent as part of the same run. There are situations where integrity is harder to achieve than authenticity. For example, suppose I back up a file to a remote storage service. When I download the file, I can check that I am getting back a properly signed file, and if I include the file's name, I know that I am truly getting back a version of the file that I uploaded: the file is authentic. If I upload multiple versions of the file under the same name, integrity would guarantee that I download back the latest version; with a mere guarantee of authenticity, all I know is that I downloaded some version of that file.

Community
  • 1
Gilles 'SO- stop being evil'
  • 20,442
  • 4
  • 54
  • 97
1

As I understand, MAIC is mostly used where MAC has a different meaning (e.g. MAC address). If a message authentication code didn't provide integrity, you could make a forgery based on another valid message, so it wouldn't provide authenticity either.

otus
  • 32,462
  • 5
  • 75
  • 167