Hash Functions, Message Authentication Codes (MACs), and Authenticated Encryption

Goals

  • Understand basics of how hash functions operate and rank their potential properties
  • Connect hash functions to password safety and message integrity
  • Define message integrity
  • Prove the security of MAC constructions
  • Explain why authenticated encryption is necessary and how to achieve it

Hash Functions

  • What is the definition of a hash function?
    • Do hash functions have keys?
  • What are four properties a cryptographic hash function might have?
    • How are those properties related?
  • What are some hash functions that are non-cryptographic?
    • Which cryptographic hash functions are currently considered secure? Insecure?
  • How does the Merkle-Damgård construction build a hash function?
    • What property is needed from the compression function?
  • Why is the strongest collision-resistance guarantee secure only against 2^{n/2} hashes (for a hash that outputs n bits)?
    • What’s the connection to the Birthday Paradox?
  • How can hash functions be used to strengthen password-based systems?

Message Integrity

  • What ingredients are necessary for a MAC?
  • Define the MAC security game
  • Can we define a secure MAC using a PRF?
  • How are variable-length MACs constructed?
  • How do MACs deal with padding?
    • What can go wrong?
  • Why do straightforward applications of hashes to construct MACs fail?

Authenticated Encryption

  • Why do we need authenticated encryption?
  • Why is IND-CPA a limited notion of secrecy?
  • Which combination of MAC-then-encrypt, encrypt-then-MAC, or encrypt-and-MAC is most likely to be secure?
  • Define the authenticated-encryption game
    • What properties does AE imply?
  • Define the ciphertext integrity game
  • What is AEAD?