| Author(s): |
John M. Kelsey; Praveen Gauravaram; |
| Title: |
Linear-XOR and Additive Checksums Don t Protect Damgaard-Merkle Hashes from Generic Attacks |
| Published: |
April 17, 2008 |
| Abstract: |
We consider the security of Damgaard-Merkle variants which computer linear-XOR or additive checksums over message blocks, intermediate hash values, or both, and process these checksums in computing the final hash value. We show that these Damgaard-Merkle variants gain almost no security against generic attacks such as the long-message second preimage attacks of {Dean: 1999, Kelsey:2005} and the herding attack of {Kelsey:2006}. |
| Conference: |
RSA Conference 2008, Cryptographers' Track |
| Proceedings: |
RSA Cryptographers' Track 2008 |
| Pages: |
16 pp. |
| Location: |
San Francisco, CA |
| Dates: |
April 8-11, 2008 |
| Keywords: |
Cascade hash; Damgaard-Merkle construction; hash functions; herding attack; multicollision; second preimage |
| Research Areas: |
Information Processing Systems |
| PDF version: |
 Click here to retrieve PDF version of paper (390KB) |
