NIST logo

Publications Portal

You searched on: Author: john kelsey

Displaying records 11 to 16.
Resort by: Date / Title

11. Linear-XOR and Additive Checksums Don t Protect Damgaard-Merkle Hashes from Generic Attacks
Published: 4/17/2008
Authors: Praveen Gauravaram, John M Kelsey
Abstract: We consider the security of Damgaard-Merkle variants which computer linear-XOR or additive checksums over message blocks, intermediate hash values, or both, and process these checksums in computing the final hash value.  We show that these Damgaard-M ...

12. Second Preimage Attacks on Dithered Hash Functions
Published: 4/17/2008
Authors: Elena Andreeva, Charles Bouillaguet, Pierre-Alain Fouque, Jonathan J. Hoch, John M Kelsey, Adi Shamir, Sebastien Zimmer
Abstract: We develop a new generic long-message second preimage attack, based on combining the techniques in the second preimage attacks of Dean {Dean99} and Kelsey and Schneier {KS05} with the herding attack of Kelsey and Kohno {KK06}. We show that these gen ...

13. Recommendation for Random Number Generation Using Deterministic Random Bit Generators (Revised)
Series: Special Publication (NIST SP)
Report Number: 800-90
Published: 3/14/2007
Authors: Elaine B Barker, John M Kelsey
Abstract: [Superseded by SP 800-90A (January 2012):] This Recommendation specifies mechanisms for the generation of random bits using deterministic methods. The methods provided are based on e ...

14. Herding Hash Functions and the Nostradamus Attack
Published: 5/28/2006
Authors: John M Kelsey, Tadayoshi Kohno
Abstract: In this paper, we develop a new attack on Damgaard-Merkle hash functions, called the herding attack, in which an attacker who can find many collisions on the hash function by brute force can first provide the hash of message, and later ``herd'' any g ...

15. Collisions and Near-Collisions for Reduced-Round Tiger
Published: 3/1/2006
Authors: John M Kelsey, Stefan Lucks
Abstract: We describe a collision-finding attack on 16 rounds of the Tiger hash function requiring the time for about 244 compression function invocations. This extends to a collision-finding attack on 17 rounds of the Tiger hash function in time of about 249 ...

16. Second Primages on n-bit Hash Functions for Much Less than 2n Work
Published: 5/1/2005
Authors: John M Kelsey, B Schneier
Abstract: We expand a previous result of Dean[Dea99] to provide a second preimage attack on all n-bit iterated hash functions with Damgard-Merkle strengthening and n-bit intermediate states, allowing a second preimage to be found for a 2k-message-block messag ...

Search NIST-wide:

(Search abstract and keywords)

Last Name:
First Name:

Special Publications:

Looking for a NIST Special Publication (NIST SP Series)? Place the series number and dash in the report number field (Example: 800-) and begin your search.

  • SP 250-XX: Calibration Services
  • SP 260-XX: Standard Reference Materials
  • SP 300-XX: Precision Measurement and Calibration
  • SP 400-XX: Semiconductor Measurement Technology
  • SP 480-XX: Law Enforcement Technology
  • SP 500-XX: Computer Systems Technology
  • SP 700-XX: Industrial Measurement Series
  • SP 800-XX: Computer Security Series
  • SP 823-XX: Integrated Services Digital Network Series