We consider the security of Damgård-Merkle variants which compute linear-XOR or additive checksums over message blocks, intermediate hash values, or both, and process these checksums in computing the final hash value. We show that these Damgård-Merkle variants gain almost no security against generic attacks such as the long-message second preimage attacks of [10,21] and the herding attack of [9]. © 2008 Springer-Verlag Berlin Heidelberg.
CITATION STYLE
Gauravaram, P., & Kelsey, J. (2008). Linear-XOR and additive checksums don’t protect Damgård-Merkle hashes from generic attacks. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4964 LNCS, pp. 36–51). https://doi.org/10.1007/978-3-540-79263-5_3
Mendeley helps you to discover research relevant for your work.