Our hash family was created by taking a random binary k by m matrix H and then taking any x (represented as an m-bit string) as the input. h(x) was then computed as Hx (i.e. righthand multiplication of H by x) in the field GF(2^m). In other words, the multiplications were essentially bitwise ANDs and the additions were bitwise XORs.
We omitted the proof that this scheme was 2^{-k}-XU2, but it was included in the handout, which is on-line.
Next we introduced the notion of a MAC, and explained why encryption was not a solution to the authenticity problem. We introduced the Wegman-Carter MAC, gave an example, and then proved that no adversary could forge messages with more than a 2^{-k} chance.
The procedure for the Wegman-Carter MAC was as follows: assume Alice and Bob (hereafter referred to as A and B) each have secret copies of an infinitely long tape containing random bits. Then do the following:
(1) Select a hash function h from a 2{-k}-XU2 family of hash functions.
(2) Divide the tape A, into k-bit strings, a_1, a_2, etc...
(3) Set the state counter to i = -1
Now to MAC a message we do the following:
MACG(x) = (++i, a_i \xor h(x))
and to verify, we just re-compute the MAC:
MACV(x, (i,t)) {if (t == a_i \xor h(x)) output GOOD else output BAD}