MACthenencrypt

MACthenencrypt, often short for MAC-then-encrypt, is a cryptographic construction in which a Message Authentication Code (MAC) is first computed on a plaintext message and then the concatenation of the message and its MAC tag is encrypted with a symmetric cipher. The recipient decrypts the ciphertext and then verifies the MAC to ensure both confidentiality and integrity.

In a typical implementation, separate keys are used for the MAC and for encryption. The sender computes

Security considerations for MACthenencrypt depend on the properties of the underlying primitives and correct usage. If

Today, MACthenencrypt is largely superseded by authenticated encryption with associated data (AEAD) schemes, such as AES-GCM

See also: Encrypt-then-MAC, MAC-on-Ciphertext, AEAD, AES-GCM.