82 MAC algorithm list needs modification or clarification

Created: 03 Dec 2024

Status: Triage

Part: Part 5 (2023, Edition 1, IS)

Links:

Page: 39

Clause: 8.3.5.4.5

Paragraph: 2

Issue

The list of mandatory MAC algorithms contains both HMAC-SHA3-256 and BLAKE2s. Since, as indicated in RFC-7693 Section 1 "BLAKE2 does not require a special "HMAC" (Hashed Message Authentication Code) construction for keyed message authentication as it has a built-in keying mechanism", support for this will require using the BLAKE2 builtin keying. If this is the case then HMAC-SHA3-256 should be changed to KMAC256 for consistency in compliance with NIST.SP.800-185.

If, on the other hand, the intent was for HMAC-BLAKE2s instead of BLAKE2s then the MAC list should be changed to reflect this so that developers do not use the builtin BLAKE2s keying mechanism.

Whatever change is made it should also be reflected in to section 8.4.2.4.4 on page 72 for the Data Protection Algorithm list.

Proposal

Proposed solution.

Either
A) change BLAKE2s to HMAC-BLAKE2s or
B) change HMAC-SHA3-256 to KMAC256.

Discussion	Created	Status
It should be noted that this table was essentially ported into the SAv6 standard (in work), and the same issue was raised with that group. If there is a desire for consistency across specifications, then coordinating the resolution between the two groups should be considered.	06 Dec 24	Triage
I agree. Back in 2021 I mailed about this in the TF that was working on Part 5. I also proposed to use KMAC instead of HMAC-SHA3. My idea was not accepted by the group. Personally I am still in favor of moving away from the HMAC construct if it is not needed because it adds unnecessary complexity. So, I am in favor of option B.	05 Dec 24	Triage

Privacy | Contact | Disclaimer

Tissue DB v. 25.7.7.1