Published: April 17, 2008
Author(s)
Praveen Gauravaram, John Kelsey
Conference
Name: The Cryptographers’ Track at the RSA Conference 2008
Dates: April 8-11, 2008
Location: San Francisco, California, United States
Citation: Topics in Cryptology - CT-RSA 2008, Lecture Notes in Computer Science vol. 4964, pp. 36-51
Announcement
We consider the security of Damgård-Merkle variants which compute linear-XOR or additive checksums over message blocks, intermediate hash values, or both, and process these checksums in computing the final hash value. We show that these Damgård-Merkle variants gain almost no security against generic attacks such as the long-message second preimage attacks of {Dean:1999, Kelsey:2005} and the herding attack of {Kelsey:2006}.
Keywords
Cascade hash; Damgaard-Merkle construction; hash functions; herding attack; multicollision; second preimage
Control Families
None selected