Gauravaram, P.
and Kelsey, J.
(2008),
Linear-XOR and Additive Checksums Don t Protect Damgaard-Merkle Hashes from Generic Attacks, Topics in Cryptology CT-RSA 2008 (Lecture Notes in Computer Science), San Francisco, CA, US, [online], https://doi.org/10.1007/978-3-540-79263-5_3, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=51344
(Accessed October 10, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Linear-XOR and Additive Checksums Don t Protect Damgaard-Merkle Hashes from Generic Attacks
Published
Author(s)
Praveen Gauravaram,
Abstract
We consider the security of Damgaard-Merkle variants which computer linear-XOR or additive checksums over message blocks, intermediate hash values, or both, and process these checksums in computing the final hash value. We show that these Damgaard-Merkle variants gain almost no security against generic attacks such as the long-message second preimage attacks of Dean: 1999, Kelsey:2005} and the herding attack of Kelsey:2006}.Proceedings Title
Topics in Cryptology CT-RSA 2008 (Lecture Notes in Computer Science)
Volume
4964
Conference Dates
April 8-11, 2008
Conference Location
San Francisco, CA, US
Conference Title
RSA Conference 2008, Cryptographers' Track
Pub Type
Conferences
Download Paper
Keywords
Cascade hash, Damgaard-Merkle construction, hash functions, herding attack, multicollision, second preimage
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created April 16, 2008, Updated October 12, 2021