Message Authenticator Algorithm

The Message Authenticator Algorithm (MAA) was one of the first cryptographic functions for computing a message authentication code (MAC).

History

It was designed in 1983 by Donald Davies and David Clayden at the National Physical Laboratory (United Kingdom) in response to a request from the UK Bankers Automated Clearing Services. The MAA was one of the first Message Authentication Code algorithms to gain widespread acceptance.

Development and standardization

The original specification{{cite conference|last=Davies |first=Donald W. |year=1985 |title=A Message Authenticator Algorithm Suitable for a Mainframe Computer |book-title=Advances in Cryptology – Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques (CRYPTO’84), Santa Barbara, CA, USA |series=Lecture Notes in Computer Science |volume=196 |publisher=Springer |pages=393–400 |doi=10.1007/3-540-39568-7_30|doi-access=free }}{{cite report|first1=Donald W. |last1=Davies |first2= David O. |last2=Clayden |year=1988 |title=The Message Authenticator Algorithm (MAA) and its Implementation |type=NPL Report DITC 109/88 |institution=National Physical Laboratory |location=Teddington, Middlesex, UK |url=http://www.cix.co.uk/~klockstone/maa.pdf}} of the MAA was given in a combination of natural language and tables, complemented by two implementations in the C and BASIC programming languages.

The MAA was adopted by ISO in 1987 and became part of international standards ISO 8730{{cite report|author=International Organization for Standardization |year= 1987 |title=International Standard 8731-2. Approved Algorithms for Message Authentication – Part 2: Message Authenticator Algorithm (MAA) |location=Geneva}}{{cite report|author=International Organization for Standardization |year= 1992 |title=International Standard 8731-2. Approved Algorithms for Message Authentication – Part 2: Message Authenticator Algorithm (MAA) |location=Geneva}} and ISO 8731-2{{cite report|author=International Organization for Standardization |year= 1990 |title=International Standard 8730. Requirements for Message Authentication (Wholesale) |location=Geneva}} intended to secure the authenticity and integrity of banking transactions.

Attacks

Later, cryptanalysis of MAA revealed various weaknesses, including feasible brute-force attacks, existence of collision clusters, and key-recovery techniques.{{cite conference|first1=Bart |last1=Preneel |first2= Paul C.|last2=van Oorschot |year=1996 |title=On the Security of Two MAC Algorithms |conference=Advances in Cryptology – Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques (EUROCRYPT’96), Saragossa, Spain |series=Lecture Notes in Computer Science |volume=1070 |publisher=Springer |pages=19–32 |doi=10.1007/3-540-68339-9_3|doi-access=free }}{{cite journal|first1=Bart |last1=Preneel |first2= Paul C.|last2=van Oorschot |year=1999 |title=On the Security of Iterated Message Authentication Codes |journal=IEEE Transactions on Information Theory |volume=45 |number=1 |pages=188–199 |doi=10.1109/18.746787}}{{cite journal|first1=Bart |last1=Preneel |first2=Vincent |last2=Rijmen |first3= Paul C.|last3=van Oorschot |year=1997 |title=Security Analysis of the Message Authenticator Algorithm (MAA) |journal=European Transactions on Telecommunications |volume=8 |number=5 |pages=455–470 |doi=10.1002/ett.4460080504}}{{cite conference|first1=Vincent |last1=Rijmen |first2=Bart |last2=Preneel |first3=Erik |last3=De Win |year=1996 |title=Key Recovery and Collision Clusters for MAA |conference=Proceedings of the 1st International Conference on Security in Communication Networks (SCN’96) |url=https://www.cosic.esat.kuleuven.be/publications/article-437.pdf}}

For this reason, MAA was withdrawn from ISO standards in 2002 but continued to be used as a prominent case study for assessing various formal methods.{{cite book|chapter-url=https://link.springer.com/referenceworkentry/10.1007%2F978-1-4419-5906-5_591|chapter=MAA|publisher=Encyclopedia of Cryptography and Security|year=2011|doi=10.1007/978-1-4419-5906-5_591 |access-date=3 May 2021|title=Encyclopedia of Cryptography and Security |last1=Preneel |first1=Bart |pages=741–742 |isbn=978-1-4419-5905-8 }}

Formal specifications of the MAA

The MAA has been used as a prominent case study for assessing various formal methods.

In the early 1990s, the NPL developed three formal specifications of the MAA: one in Z,{{cite report|author=M. K. F. Lai |year=1991 |title=A Formal Interpretation of the MAA Standard in Z |type=NPL Report DITC 184/91 |institution=National Physical Laboratory |location=Teddington, Middlesex, UK}} one in LOTOS,{{cite report|author=Harold B. Munster |year=1991 |title=LOTOS Specification of the MAA Standard, with an Evaluation of LOTOS |type=NPL Report DITC 191/91 |institution=National Physical Laboratory |location=Teddington, Middlesex, UK |archive-url=https://web.archive.org/web/20170706122244/ftp://ftp.inrialpes.fr/pub/vasy/publications/others/Munster-91-a.pdf |archive-date=2017-07-06 |url-status=dead |url=ftp://ftp.inrialpes.fr/pub/vasy/publications/others/Munster-91-a.pdf}} and one in VDM.{{cite report|author1=Graeme I. Parkin |author2=G. O’Neill |year=1990 |title=Specification of the MAA Standard in VDM |type=NPL Report DITC 160/90 |institution=National Physical Laboratory, Teddington, Middlesex, UK}}{{cite conference|author1=Graeme I. Parkin |author2=G. O’Neill |year=1991 |title=Specification of the MAA Standard in VDM |editor1=Søren Prehn |editor2=W. J. Toetenel |conference=Formal Software Development – Proceedings (Volume 1) of the 4th International Symposium of VDM Europe (VDM’91), Noordwijkerhout, The Netherlands |series=Lecture Notes in Computer Science |volume=551 |publisher=Springer |pages=526–544 |doi=10.1007/3-540-54834-3_31}}

The VDM specification became part of the 1992 revision of the International Standard 8731-2, and three implementations were manually derived from that latter specification: C, Miranda, and Modula-2.{{cite report|author=R. P. Lampard |year=1991 |title=An Implementation of MAA from a VDM Specification |type=NPL Technical Memorandum DITC 50/91 |institution=National Physical Laboratory |location=Teddington, Middlesex, UK}}

Other formal models of the MAA have been developed. In 2017, a complete formal specification of the MAA as a large term rewriting system was published.{{cite conference|first1=Hubert |last1=Garavel |first2=Lina |last2=Marsso |title=A Large Term Rewrite System Modelling a Pioneering Cryptographic Algorithm |conference=Proceedings of the 2nd Workshop on Models for Formal Analysis of Real Systems (MARS'17), Uppsala, Sweden |year=2017 |series=Electronic Proceedings in Theoretical Computer Science |volume=244 | pages=129–183|url=http://cadp.inria.fr/publications/Garavel-Marsso-17.html |doi=10.4204/EPTCS.244.6|arxiv=1703.06573 }} From this specification, [http://www.mars-workshop.org/repository/012-MAA.html implementations of the MAA in fifteen different languages] have been generated automatically. In 2018, two new formal specifications of the MAA, in LOTOS and LNT, were published.{{cite conference|first1=Hubert |last1=Garavel |first2=Lina |last2=Marsso |title=Comparative Study of Eight Formal Specifications of the Message Authenticator Algorithm |conference=Proceedings of the 3rd Workshop on Models for Formal Analysis of Real Systems (MARS'18) and 6th International Workshop on Verification and Program Transformation (MARS/VPT 2018), Thessaloniki, Greece |year=2018 |series=Electronic Proceedings in Theoretical Computer Science |volume=268 |pages=41–87|url=http://cadp.inria.fr/publications/Garavel-Marsso-18.html |doi=10.4204/EPTCS.268.2|arxiv=1803.10322 }}

References

{{reflist}}