www.syngress.com

Why a Signature Is Not a MAC

Message authentication codes (MACs) are a way to assure data integrity and authenticate some data. You use a MAC by having the message creator perform a one-way cryptographic hash operation, which requires a secret key in order to function. This MAC and the data are then sent to the recipient. The recipient uses the same secret key to independently generate the hash value and compares that calculation with the one that was sent. We assume that the secret key is properly and securely managed so that the originator and the recipients are the key's only possessors. How the receiver actually gets this key isn't important right now; maybe it shows up in an interoffice memo. We assume that the receiver has the secret key and that it is and always will be correct.

Getting the same MAC value proves data integrity. That is, the mail did get through. Since the receiver knows that the originator has the key, only the originator could have generated the MAC (the receiver didn't send the data to itself), so this authenticates the data to the receiver.

A MAC does not, however, provide nonrepudiation. This is because both sides have the secret key and therefore have the ability to generate the MAC. Consequently, there is no way a third party could prove who actually created the MAC.

MACs are usually faster to execute than the encrypt/decrypt used in digital signatures because of their usually shorter bit length. This is the same reason that message digests or thumbprints are useful when you are validating on the fly. If you have your own private network established (and hence nonrepudiation is not an issue), MACs might be all you need to authenticate and validate a message.

Public and Private Keys

If we could somehow split the keying that is used for the MAC so that one key is used to create the MAC and another is used for verification, we could create a MAC that included nonrepudiation capabilities.
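
The MAC exchange described under "Why a Signature Is Not a MAC", as an added example that is not from the original text. HMAC-SHA-256 from Python's standard library stands in for the keyed one-way hash (an assumption; the text names no algorithm), and the key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def make_mac(key: bytes, message: bytes) -> bytes:
    """Keyed one-way hash over the message (HMAC-SHA-256, an assumed choice)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the MAC with the shared key and compare in constant time."""
    return hmac.compare_digest(make_mac(key, message), tag)


def demo() -> dict:
    # Constructed sample data: one secret key held by originator and recipient.
    shared_key = secrets.token_bytes(32)
    message = b"Transfer 100 units to account 42"

    # Originator computes the MAC and sends (message, tag) to the recipient.
    tag = make_mac(shared_key, message)

    # Recipient recomputes the MAC: a match shows integrity and authenticates
    # the data to the recipient, who knows it did not create the tag itself.
    intact = verify_mac(shared_key, message, tag)

    # A message altered in transit no longer matches the tag that was sent.
    altered = verify_mac(shared_key, b"Transfer 900 units to account 42", tag)

    # A party holding a different key cannot validate (or produce) the tag.
    wrong_key = verify_mac(secrets.token_bytes(32), message, tag)

    # No nonrepudiation: the recipient holds the same key, so a tag it computes
    # is byte-identical to the originator's. A third party shown
    # (message, tag) cannot tell which of the two key holders created it.
    recipient_tag = make_mac(shared_key, message)

    return {
        "intact": intact,
        "altered": altered,
        "wrong_key": wrong_key,
        "recipient_tag_identical": recipient_tag == tag,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
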
Such a system with split keys is known as asymmetric encryption and was something of a holy grail for cryptography until it was shown to be possible in 1976 by Whitfield Diffie, Martin Hellman, and Ralph Merkle. Ronald Rivest, Adi Shamir, and Leonard Adleman created the first practical implementation of this method in 1978.

Once you have an asymmetric encryption method, you can do something that was previously unthinkable in cryptography: You can publicly publish your key! You still keep one key private, but you want the other key to be as widely known as possible, so you make it public. The reason that you want to do this (with regard to digital signatures) is that anybody who has your public key can

XML Digital Signatures • Chapter 5