In cryptography, a message authentication code (MAC), sometimes known as an authentication tag, is a short piece of information used for authenticating and integrity-checking a message. In other words, it is used to confirm that the message came from the stated sender (its authenticity) and has not been changed (its integrity). The MAC value allows verifiers (who also possess a secret key) to detect any changes to the message content.

The term message integrity code (MIC) is frequently substituted for the term MAC, especially in communications to distinguish it from the use of the latter as Media Access Control address (MAC address). However, some authors use MIC to refer to a message digest, which aims only to uniquely but opaquely identify a single message. However, it is recommended to avoid the term message integrity code (MIC), and instead use checksum, error detection code, hash, keyed hash, message authentication code, or protected checksum.

Informally, a message authentication code system consists of three algorithms:

A secure message authentication code must resist attempts by an adversary to forge tags, for arbitrary, selected, or all messages, including under conditions of known- or chosen-message. It should be computationally infeasible to compute a valid tag of the given message without knowledge of the key, even if for the worst case, we assume the adversary knows the tag of any message but the one in question.

Formally, a message authentication code (MAC) system is a triple of efficient algorithms (G, S, V) satisfying:

S and V must satisfy the following:

A MAC is unforgeable if for every efficient adversary A

where A^{S(k, · )} denotes that A has access to the oracle S(k, · ), and Query(A^{S(k, · )}, 1ⁿ) denotes the set of the queries on S made by A, which knows n. Clearly we require that any adversary cannot directly query the string x on S, since otherwise a valid tag can be easily obtained by that adversary.