NIST logo

Publication Citation: Linear-XOR and Additive Checksums Don t Protect Damgaard-Merkle Hashes from Generic Attacks

NIST Authors in Bold

Author(s): John M. Kelsey; Praveen Gauravaram;
Title: Linear-XOR and Additive Checksums Don t Protect Damgaard-Merkle Hashes from Generic Attacks
Published: April 17, 2008
Abstract: We consider the security of Damgaard-Merkle variants which computer linear-XOR or additive checksums over message blocks, intermediate hash values, or both, and process these checksums in computing the final hash value.  We show that these Damgaard-Merkle variants gain almost no security against generic attacks such as the long-message second preimage attacks of {Dean: 1999, Kelsey:2005} and the herding attack of {Kelsey:2006}.
Conference: RSA Conference 2008, Cryptographers' Track
Proceedings: RSA Cryptographers' Track 2008
Pages: 16 pp.
Location: San Francisco, CA
Dates: April 8-11, 2008
Keywords: Cascade hash; Damgaard-Merkle construction; hash functions; herding attack; multicollision; second preimage
Research Areas: Information Processing Systems
PDF version: PDF Document Click here to retrieve PDF version of paper (399KB)