NIST logo

Publication Citation: Linear-XOR and Additive Checksums Don t Protect Damgaard-Merkle Hashes from Generic Attacks

NIST Authors in Bold

Author(s): Praveen Gauravaram; John M. Kelsey;
Title: Linear-XOR and Additive Checksums Don t Protect Damgaard-Merkle Hashes from Generic Attacks
Published: April 17, 2008
Abstract: We consider the security of Damgaard-Merkle variants which computer linear-XOR or additive checksums over message blocks, intermediate hash values, or both, and process these checksums in computing the final hash value.  We show that these Damgaard-Merkle variants gain almost no security against generic attacks such as the long-message second preimage attacks of {Dean: 1999, Kelsey:2005} and the herding attack of {Kelsey:2006}.
Conference: RSA Conference 2008, Cryptographers' Track
Proceedings: Topics in Cryptology ‹ CT-RSA 2008 (Lecture Notes in Computer Science)
Volume: 4964
Pages: pp. 36 - 51
Location: San Francisco, CA
Dates: April 8-11, 2008
Keywords: Cascade hash; Damgaard-Merkle construction; hash functions; herding attack; multicollision; second preimage
Research Areas: Information Processing Systems
DOI: http://dx.doi.org/10.1007/978-3-540-79263-5_3  (Note: May link to a non-U.S. Government webpage)
PDF version: PDF Document Click here to retrieve PDF version of paper (399KB)