Hash Functions, Message Authentication Codes (MACs),and Authenticated Encryption

Goals

• Understand basics of how hash functions operate and rank their potential properties
• Connect hash functions to password safety and message integrity
• Define message integrity
• Prove the security of MAC constructions
• Explain why authenticated encryption is necessary and how to achieve it

Hash Functions

• What is the definition of a hash function?
  • Do hash functions have keys?
• What are four properties a cryptographic function might have?
  • How are those properties related?
• What are some hash functions that are non-cryptographic?
  • Which cryptographic hash functions are currently considered secure? Insecure?
• How does the Merkle-Damgard construction build a hash function?
  • What property is needed from the compression function?
• Why is the strongest collision-resistance guarantee secure only against 2^{n/2} hashes (for a hash that outputs n bits)?
  • What’s the connection to the Birthday Paradox?
• How can hash functions be used to strengthen password-based systems?

Message Integrity

• What ingredients are necessary for a MAC?
• Define the MAC security game
• Can we define a secure MAC using a PRF?
• How are variable-length MACs constructed?
• How do MACs deal with padding?
  • What can go wrong?
• Why do straightforward applications of hashes to construct MACs fail?

Authenticated Encryption

• Why do we need authenticated encryption?
• Why is IND-CPA a limited notion of secrecy?
• Which combination of MAC-then-encrypt, encrypt-then-MAC, or encrypt-and-MAC is most likely to be secure?
• Define the authenticated-encryption game
  • What properties does AE imply?
• Define the ciphertext integrity game
• What is AEAD?