To use, without modifications, available hash functions.
To preserve the original performance of the hash function without incurring a significant degradation.
To use and handle keys in a simple way.
To allow for easy replaceability of the embedded hash function in case faster or more secure hash functions are found or required.
To have a well-understood cryptographic analysis of the strength of the authentication mechanism based on reasonable assumptions on the embedded hash function.