PMAC

PMAC, or Parallelizable Message Authentication Code, is a family of MAC algorithms designed to produce a short authentication tag for a message using a fixed-key block cipher. Its defining feature is parallelizability: the message is processed in blocks with per-block masks or offsets derived from the key and block index, allowing multiple blocks to be processed simultaneously rather than strictly in sequence. The per-block results are combined to form the final tag.

In typical PMAC constructions, the message is divided into blocks, and each block is combined with a block-specific offset before the block cipher is applied. The outputs from the blocks are then aggregated to produce the authentication tag. The approach ensures that each block contributes uniquely to the final result and that processing can be distributed across available hardware, improving performance on parallel architectures. PMAC also includes a finalization step to correctly handle the last, possibly incomplete, block and the overall message length.

Security and correctness of PMAC rely on the security of the underlying block cipher. When the block cipher behaves as a pseudorandom permutation, PMAC provides standard MAC security guarantees: a successful forgery would imply breaking the cipher’s PRP security in the related construction. PMAC is related to other MAC families, such as CMAC and OMAC, but is designed to exploit parallel computation more effectively, making it attractive for implementations that benefit from parallel processing.

PMAC has been studied in cryptographic literature as a practical, provably secure MAC based on block ciphers like AES. It is used for data integrity and authentication in protocols and storage systems, alongside other MAC schemes.

See also CMAC, OMAC, and GMAC.
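
The block structure described above (per-block offsets, independent cipher calls, XOR aggregation, and a finalization step for the last block) can be seen in the following added sketch, which is not code from this page or from any PMAC specification. It assumes a toy Feistel permutation in place of AES and an offset schedule based on doubling in GF(2^128); it is a simplified PMAC-style construction for study, not an interoperable or production implementation.

```python
import hashlib, hmac
from concurrent.futures import ThreadPoolExecutor

BLOCK = 16  # 128-bit blocks

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_cipher(key: bytes, block: bytes) -> bytes:
    # Assumption: a 4-round Feistel over HMAC-SHA256 stands in for AES here.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def double(block: bytes) -> bytes:
    # Multiply by x in GF(2^128), reduction polynomial x^128 + x^7 + x^2 + x + 1.
    n = int.from_bytes(block, "big") << 1
    if n >> 128:
        n = (n & ((1 << 128) - 1)) ^ 0x87
    return n.to_bytes(BLOCK, "big")

def triple(block: bytes) -> bytes:
    return xor(double(block), block)

def pmac_sketch(key: bytes, msg: bytes, workers: int = 4) -> bytes:
    blocks = [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)] or [b""]
    *body, last = blocks
    # Offsets derived from the key and the block index: 2^i * L, L = E_K(0).
    masks, cur = [], toy_cipher(key, bytes(BLOCK))
    for _ in blocks:
        cur = double(cur)
        masks.append(cur)
    # Each body block depends only on its own mask, so the calls are independent.
    with ThreadPoolExecutor(workers) as pool:
        outs = pool.map(lambda pair: toy_cipher(key, xor(*pair)), zip(body, masks))
        acc = bytes(BLOCK)
        for out in outs:
            acc = xor(acc, out)
    # Finalization: full and padded last blocks get different masks, so a
    # short message cannot collide with its own padded form.
    final_mask = triple(masks[-1])
    if len(last) < BLOCK:
        last = last + b"\x80" + bytes(BLOCK - len(last) - 1)
        final_mask = triple(final_mask)
    return toy_cipher(key, xor(xor(acc, last), final_mask))
```

When comparing a received tag against a computed one, use `hmac.compare_digest` rather than `==` so the comparison runs in constant time.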