Hash Functions, Message Authentication Codes (MACs), and Authenticated Encryption
Goals
- Understand basics of how hash functions operate and rank their potential properties
- Connect hash functions to password safety and message integrity
- Define message integrity
- Prove the security of MAC constructions
- Explain why authenticated encryption is necessary and how to achieve it
Hash Functions
- What is the definition of a hash function?
- Do hash functions have keys?
- What are four properties a cryptographic function might have?
- How are those properties related?
- What are some hash functions that are non-cryptographic?
- Which cryptographic hash functions are currently considered secure? Insecure?
- How does the Merkle-Damgård construction build a hash function?
- What property is needed from the compression function?
- Why is the strongest collision-resistance guarantee secure only against 2^{n/2} hashes (for a hash that outputs n bits)?
- What’s the connection to the Birthday Paradox?
- How can hash functions be used to strengthen password-based systems?
Message Integrity
- What ingredients are necessary for a MAC?
- Define the MAC security game
- Can we define a secure MAC using a PRF?
- How are variable-length MACs constructed?
- How do MACs deal with padding?
- Why do straightforward applications of hashes to construct MACs fail?
Authenticated Encryption
- Why do we need authenticated encryption?
- Why is IND-CPA a limited notion of secrecy?
- Which combination of MAC-then-encrypt, encrypt-then-MAC, or encrypt-and-MAC is most likely to be secure?
- Define the authenticated-encryption game
- What properties does AE imply?
- Define the ciphertext integrity game
- What is AEAD?