Lecture 7: Cryptographic Hashes and Message Authentication Codes (MACs)

• Slides
• Playlist (length: 57:30)

Cryptographic Hash Functions

(True/False) Given a cryptographic hash function and some x, it is hard to find x' such that H(x) = H(x')

True. This condition is an implication of collision resistance referred to as second pre-image resistance

Hash Function Applications

(True/False) The application presented relies on the one-way property of a cryptographic hash function

False. One-way doesn’t matter here since the file is public. We care about collision resistance to guarantee integrity of the file.

Integrity and Authentication

(True/False) Encryption only gives you confidentiality but not integrity or authentication.

True.

Message Authentication Codes (MACs)

(True/False) MACs ensure confidentiality and integrity

False. MACs do not ensure confidentiality.

AES-EMAC

(True/False) AES-EMAC is a secure MAC even if the k1 and k2 are identical

False. This is vulnerable to a forgery attack as Raluca explained

Authenticated Encryption

(True/False) If the MAC is over the plaintext message instead of the encrypted message, the described scheme still provides confidentiality, integrity, and authentication.

False. The MAC might leak the message violating confidentiality

Is AES-EMAC a hash function?

(True/False) AES-EMAC is a hash function if the key is kept private

False. It would no longer be a hash function since, by definition, a hash function is public

HMAC

(True/False) The underlying hash function must be collision resistant for the security of HMAC to hold

True