Keyed cryptographic (MAC)

UMAC & VMAC

Two universal-hash-based MACs from the early 2000s. UMAC by Black, Halevi, Krawczyk, Krovetz, and Rogaway (RFC 4418, 2006); VMAC by Krovetz and Dai (2007). When CPUs hit 32-bit and 64-bit multiply-add instructions, UMAC / VMAC briefly held the “fastest MAC in the world” crown. Today Poly1305 (portable) and GHASH (with CLMUL hardware) have taken that throne, and UMAC / VMAC live on mostly in legacy protocols.

How they differ

UMAC , 32-bit-friendly: NH (Carter-Wegman style universal hash) feeding a stream cipher. Output: 32, 64, 96, or 128 bits.
VMAC , 64-bit-tuned successor using a polynomial over F_p(2⁶¹ − 1). Same security philosophy as UMAC, much faster on 64-bit hardware.

At a glance

Designers	UMAC: Black, Halevi, Krawczyk, Krovetz, Rogaway (2000-2006). VMAC: Krovetz, Dai (2007)
Standard	UMAC: RFC 4418. VMAC: Internet-draft only.
Status	Mature, secure; outclassed by Poly1305 and GHASH on modern hardware

Where they show up today

SSH , umac-64@openssh.com and umac-128@openssh.com as available HMACs.
Cryptographic literature , foundational examples for universal-hash MAC analysis.
Some embedded crypto libraries.

vs Poly1305 / GHASH

All three are Carter-Wegman style: a fast universal hash combined with a per-nonce key from a block cipher / stream cipher. Poly1305 beats UMAC on portable code (no hardware needed). GHASH beats everything on CPUs with CLMUL (since 2010 Intel SSE4.2 / AES-NI Westmere). UMAC / VMAC are the historical bridge.

References

Quick quiz

Test yourself on umac-vmac

10 multiple-choice questions. Pick an answer for each, then submit to see explanations.

Q1.Which RFC specifies UMAC?
Q2.VMAC was published by:
Q3.Both UMAC and VMAC are:
Q4.UMAC output sizes:
Q5.VMAC is tuned for:
Q6.Which protocol uses umac-64@openssh.com or umac-128@openssh.com?
Q7.vs Poly1305 today:
Q8.VMAC's modulus:
Q9.Are UMAC / VMAC standardized in NIST?
Q10.Are UMAC / VMAC vulnerable to length-extension?