Authentication protocol using a keyed hash function: Alice and Bob share a secret key for a keyed hash function. The protocol is: Alice $\Rightarrow$ $m||h_{k}(m)$ $\Rightarrow$ Bob.
There are the following two methods: $h_{k}=E_{k}\circ h$ and $h_{k}=h\circ E_{k}$.
What are the advantages and disadvantages of the two protocols?
($E_{k}$ is a well designed one-key cipher and $h$ is a well-designed hash function. $\circ$ is function composition).
I was reading another question. And in our lecture notes, only the first one was mentioned, and the lecture notes says that if both components are well-designed, the first method should be secure. I have the following questions:
- Why would the first method be secure?
- What about the second method? The second was not mentioned in lecture notes, is it because it cannot be secure even if both components are secure?
Thanks!!
