
I'm designing a micro-services system where each service manages some set of entities (e.g. User, Account).

I want to be able to verify the authenticity of entity identifiers (e.g. User-Id and Account-Id), to make sure the identifier was actually produced by the service and is not some random data a user produced.

For example, the Account-Service has a Create-Account method that accepts a User-Id (the owner of the account). I want to avoid going to the User-Service in order to check if the User-Id actually exists (or using database foreign keys). The identifiers are 64-bit integers.

Two additional requirements are for the cryptographic algorithm to be very fast and to produce as short a ciphertext/MAC as possible. I don't care if the 64-bit identifiers would be exposed.

Authenticated encryption with sharing the secret between the services would produce a very long string and would be too slow.

I'm considering SipHash but I'm not sure if it is secure enough for this purpose, maybe the 128-bit version of SipHash?

Any other algorithm or method to achieve this?

somdoron
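The scheme the question describes (a short MAC over a 64-bit identifier, keyed with a secret shared between the services), as an added example that is not part of the original post. It swaps in keyed BLAKE2b from Python's standard library with a 64-bit tag, which is not the SipHash the question asks about; the key, the function names and the entity-type labels are assumptions.

```python
import hashlib
import hmac
import struct
from typing import Optional

TAG_LEN = 8  # 64-bit tag: one blind guess verifies with probability 2**-64

# Constructed sample key for illustration only; a real key is random and secret.
SHARED_KEY = bytes(range(32))


def _tag(key: bytes, entity_type: str, entity_id: int) -> bytes:
    """MAC over the 64-bit id using keyed BLAKE2b (assumed choice, not SipHash).

    `person` gives domain separation (at most 16 bytes), so a tag issued
    for an Account-Id never verifies when presented as a User-Id.
    """
    return hashlib.blake2b(
        struct.pack(">Q", entity_id),
        digest_size=TAG_LEN,
        key=key,
        person=entity_type.encode(),
    ).digest()


def issue_token(key: bytes, entity_type: str, entity_id: int) -> bytes:
    """Return id || tag: 16 bytes in total, with the id left in the clear."""
    return struct.pack(">Q", entity_id) + _tag(key, entity_type, entity_id)


def verify_token(key: bytes, entity_type: str, token: bytes) -> Optional[int]:
    """Return the id if the tag is valid for this entity type, else None."""
    if len(token) != 8 + TAG_LEN:
        return None
    entity_id = struct.unpack(">Q", token[:8])[0]
    expected = _tag(key, entity_type, entity_id)
    # Constant-time comparison, so response timing does not leak tag bytes.
    if hmac.compare_digest(token[8:], expected):
        return entity_id
    return None


if __name__ == "__main__":
    token = issue_token(SHARED_KEY, "User", 42)
    print(token.hex(), verify_token(SHARED_KEY, "User", token))
```

A valid tag shows only that a holder of the key issued the identifier; it does not show that the entity still exists.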

0 Answers