Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Linear-XOR and Additive Checksums Don t Protect Damgaard-Merkle Hashes from Generic Attacks

Published

Author(s)

Praveen Gauravaram, John M. Kelsey

Abstract

We consider the security of Damgaard-Merkle variants which computer linear-XOR or additive checksums over message blocks, intermediate hash values, or both, and process these checksums in computing the final hash value.  We show that these Damgaard-Merkle variants gain almost no security against generic attacks such as the long-message second preimage attacks of Dean: 1999, Kelsey:2005} and the herding attack of Kelsey:2006}.
Proceedings Title
Topics in Cryptology – CT-RSA 2008 (Lecture Notes in Computer Science)
Volume
4964
Conference Dates
April 8-11, 2008
Conference Location
San Francisco, CA, US
Conference Title
RSA Conference 2008, Cryptographers' Track

Keywords

Cascade hash, Damgaard-Merkle construction, hash functions, herding attack, multicollision, second preimage

Citation

Gauravaram, P. and Kelsey, J. (2008), Linear-XOR and Additive Checksums Don t Protect Damgaard-Merkle Hashes from Generic Attacks, Topics in Cryptology – CT-RSA 2008 (Lecture Notes in Computer Science), San Francisco, CA, US, [online], https://doi.org/10.1007/978-3-540-79263-5_3, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=51344 (Accessed March 29, 2024)
Created April 16, 2008, Updated October 12, 2021