Assignment task: We studied that CBC$ and other modes are not IND-CCA secure.
Consider the following attempt to prevent IND-CCA attacks. We modify the encryption algorithm of CBC$ so that, on input message M, it encrypts M || H(M). Here H is some public keyless hash function mapping arbitrary-length messages to block-size bitstrings. The decryption algorithm is as before, but it performs an additional check that compares whether the last block is the hash of the previous blocks.
If so, the decryption algorithm returns the message M. If not, it returns an error. Prove that this modified scheme is still IND-CCA-insecure.
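
The modified scheme and the IND-CCA game against it, as an added example that is not part of the original assignment. It assumes messages are whole blocks (no padding); the 4-round Feistel `E`/`D` is a toy stand-in for the block cipher and `H` is SHA-256 truncated to one block, both chosen here only for illustration.

```python
import hashlib, hmac, os

BS = 16  # block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # Feistel round function (assumed toy PRF)
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BS // 2]

def E(key, blk):  # toy block cipher, stand-in for e.g. AES
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def D(key, blk):  # inverse of E
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def H(m):  # public keyless hash with block-size output
    return hashlib.sha256(m).digest()[:BS]

def enc(key, m):  # CBC$ over M || H(M), fresh random IV
    p, c = m + H(m), [os.urandom(BS)]
    for i in range(0, len(p), BS):
        c.append(E(key, _xor(c[-1], p[i:i + BS])))
    return b"".join(c)

def dec(key, c):  # returns M, or None for the error symbol
    if len(c) % BS or len(c) < 2 * BS:
        return None
    blk = [c[i:i + BS] for i in range(0, len(c), BS)]
    p = b"".join(_xor(D(key, blk[i]), blk[i - 1]) for i in range(1, len(blk)))
    m, tag = p[:-BS], p[-BS:]
    return m if hmac.compare_digest(H(m), tag) else None

def ind_cca_game():
    key, b = os.urandom(16), os.urandom(1)[0] & 1
    A, B = b"A" * BS, b"B" * BS          # constructed one-block messages
    m = [A + H(A), B + H(B)]             # anyone can compute H, so X || H(X) is a legal message
    challenge = enc(key, m[b])           # IV, C1, C2, C3
    query = challenge[:-BS]              # IV, C1, C2 already encrypts X || H(X)
    assert query != challenge            # so the decryption oracle must answer it
    guess = 0 if dec(key, query) == A else 1
    return guess == b                    # adversary wins iff guess equals b
```

The truncated query passes the hash check because H is unkeyed, so the check authenticates nothing; the adversary's advantage is 1.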