# [Crypto] Hash of a ciphertext

## Solution 1:

No.

Any adversary could simply perform the hash themselves and so you are providing them with no additional resources.

## Solution 2:

Would hashing a ciphertext (so $H(Enc(pk,m))$) compromise it in any way if both schemes are secure by themselves? This doesn't seem to be the case but I couldn't find a definitive answer.

I can read this two ways

**You only reveal the $H(Enc(pk,m))$ to the attackers;**then the attackers need to execute pre-image attack on the secure hash function to find $Enc(pk,m)$. This can be executed with some pre-known plaintext since the key is public or can be executed with the generic pre-image attack.

**If the public key is Ind-CPA secure, then the search will fail.**

You will send your message as encrypt then hash $C = (Enc(pk,m) \mathbin\|H(Enc(pk,m)))$

In this case,

**the hash doesn't provide any authentication**. Since the attacker can calculate an encryption $Enc(pk,m')$ of the message $m'$ of their choice and hash it to send on their advantage $$C' = (Enc(pk,m') \mathbin\|H(Enc(pk,m')))$$. This is vary dangerous and can have catastrophic results.**This will not reveal the original message, however, in public-key cryptography, the encryption is free therefore to mitigate either a digital signature is required to a mutual authentication like HMAC.**