Skip to Main content Skip to Navigation
Conference papers

Herding, Second Preimage and Trojan Message Attacks Beyond Merkle-Damgaard

Abstract : In this paper we present new attack techniques to analyze the structure of hash functions that are not based on the classical Merkle-Damgaard̊ construction. We extend the herding attack to concatenated hashes, and to certain hash functions that process each message block several times. Using this technique, we show a second preimage attack on the folklore “hash-twice” construction which process two concatenated copies of the message. We follow with showing how to apply the herding attack to tree hashes. Finally, we present a new type of attack — the trojan message attack, which allows for producing second preimages of unknown messages (from a small known space) when they are appended with a fixed suffix.
Document type :
Conference papers
Complete list of metadatas

Cited literature [18 references]  Display  Hide  Download
Contributor : Charles Bouillaguet <>
Submitted on : Thursday, September 17, 2009 - 12:41:04 AM
Last modification on : Tuesday, September 22, 2020 - 3:57:55 AM
Long-term archiving on: : Tuesday, October 16, 2012 - 11:01:05 AM


Files produced by the author(s)


  • HAL Id : inria-00417798, version 1



Elena Andreeva, Charles Bouillaguet, Orr Dunkelman, John Kelsey. Herding, Second Preimage and Trojan Message Attacks Beyond Merkle-Damgaard. SAC, Aug 2009, Calgary, Canada. 22p. ⟨inria-00417798⟩



Record views


Files downloads