Universal Hash-Function Families: From Hashing to Authentication

Abstract

Due to their potential use as building blocks for constructing highly efficient message authentication codes (MACs), universal hash-function families have been attracting increasing research attention, both from the design and analysis points of view. In universal hash-function families based MACs, the message to be authenticated is first compressed using a universal hash function and, then, the compressed image is encrypted to produce the authentication tag. Many definitions of universal hash families have appeared in the literature. The main focus of earlier definitions is to classify universal hash functions based on their message collision properties. In this paper, we introduce a different classification of universal hash families. As opposed to classifying universal hash families based on message collision probabilities, our classification aims to give direct relation between universal hash families used as building blocks to design MACs and the encryption algorithm used to process their hashed images. We give two examples of universal hash families with equivalent collision resiliency. We show that, while one constructs secure MACs, the other can lead to insecure MAC construction even when coupled with an encryption algorithm that provides perfect secrecy (in Shannon’s sense). We formally define two classes of universal hash families: independent and dependent universal hash families. We show that, while independent universal hash families provide the desired unforgeability independently of the used encryption algorithm, the security of MACs based on dependent universal hash families is not guaranteed for all choices of encryption algorithms. We conclude by giving a sufficient condition on the encryption algorithm that guarantees the construction of secure MACs, even when combined with a dependent hash family.