In cryptography, a keyed-hash message authentication code (HMAC) is a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret cryptographic key. The definition of HMAC is as follows:HMAC(K,m)=H((K⊕opad)∥H((K⊕ipad)∥m))whereH is a cryptographic hash function.K is a secret key padded to the right with extra zeroes to the input block size of the hash function, or the hash of the original key if it is longer than that block size.m is the message to be authenticated,∥ denotes concatenation,⊕ denotes exclusive or (XOR),opad is the outer padding (0x5c5c5c . . . 5c5c, one-block-long hexadecimal constant), and ipad is the inner padding (0x363636 . . . 3636, one-block-long hexadecimal constant).
HMAC is defined to be performed on a single machine with the full key in memory. HMAC may also be performed on two or more computerized entities, using Secure Multi-Party Computation (MPC), for example in order to authenticate passwords, such as one-time passwords, but can also be used for other purposes. MPC is used when none of the parties holds the entire encryption key and the encryption key is shared between the parties. Standard implementations of HMAC performed in multi-party computation requires representing the HMAC function as a Boolean circuit and securely computing many Boolean gates, which requires transferring a relatively large amount of data between the parties. When one of the parties is a limited in computing resources, such as a mobile phone, using Boolean gates makes the process slow and may interfere with the normal operation of the mobile phone.