Confirmation that some hash functions are not collision free
EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Formal aspects of mobile code security
Formal aspects of mobile code security
Hash functions based on block ciphers
EUROCRYPT'92 Proceedings of the 11th annual international conference on Theory and application of cryptographic techniques
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Efficient collision search attacks on SHA-0
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Merkle-Damgård revisited: how to construct a hash function
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Collisions of SHA-0 and reduced SHA-1
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Second preimages on n-bit hash functions for much less than 2n work
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
A survey of recent developments in cryptographic algorithms for smart cards
Computer Networks: The International Journal of Computer and Telecommunications Networking
MAME: A Compression Function with Reduced Hardware Requirements
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Looking Back at a New Hash Function
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
On the Strength of the Concatenated Hash Combiner When All the Hash Functions Are Weak
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Preimages for Reduced SHA-0 and SHA-1
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
Slide Attacks on a Class of Hash Functions
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
How to Fill Up Merkle-Damgård Hash Functions
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Twister --- A Framework for Secure and Fast Hash Functions
ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
The State of Hash Functions and the NIST SHA-3 Competition
Information Security and Cryptology
On the Weak Ideal Compression Functions
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
Domain extension of public random functions: beyond the birthday Barrier
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Seven-property-preserving iterated hashing: ROX
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
On the indifferentiability of the sponge construction
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Second preimage attacks on dithered hash functions
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Analysis of Zipper as a hash function
ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
Getting the best out of existing hash functions; or what if we are stuck with SHA?
ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Linear-XOR and additive checksums don't protect Damgård-Merkle hashes from generic attacks
CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
On hashing with tweakable ciphers
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
TWISTERπ – a framework for secure and fast hash functions
International Journal of Applied Cryptography
Combinatorial multicollision attacks on generalized iterated hash functions
AISC '10 Proceedings of the Eighth Australasian Conference on Information Security - Volume 105
Domain extension for enhanced target collision-resistant hash functions
FSE'10 Proceedings of the 17th international conference on Fast software encryption
Another look at complementation properties
FSE'10 Proceedings of the 17th international conference on Fast software encryption
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Some observations on indifferentiability
ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
Preimage attacks against variants of very smooth hash
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Linear analysis of reduced-round cubehash
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Variants of multicollision attacks on iterated hash functions
Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
Finding SHA-1 characteristics: general results and applications
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Increasing the flexibility of the herding attack
Information Processing Letters
Multi-property-preserving domain extension using polynomial-based modes of operation
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
The first 30 years of cryptographic hash functions and the NIST SHA-3 competition
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Provable chosen-target-forced-midfix preimage resistance
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
Cryptanalyses on a merkle-damgård based MAC -- almost universal forgery and distinguishing-h attacks
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
On the complexity of the herding attack and some related attacks on hash functions
Designs, Codes and Cryptography
Chosen-prefix collisions for MD5 and applications
International Journal of Applied Cryptography
Multicollisions and graph-based hash functions
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
FSE'07 Proceedings of the 14th international conference on Fast Software Encryption
| Hi-index | 0.00 |
In this paper, we develop a new attack on Damgård-Merkle hash functions, called the herding attack, in which an attacker who can find many collisions on the hash function by brute force can first provide the hash of a message, and later “herd” any given starting part of a message to that hash value by the choice of an appropriate suffix. We focus on a property which hash functions should have–Chosen Target Forced Prefix (CTFP) preimage resistance–and show the distinction between Damgård-Merkle construction hashes and random oracles with respect to this property. We describe a number of ways that violation of this property can be used in arguably practical attacks on real-world applications of hash functions. An important lesson from these results is that hash functions susceptible to collision-finding attacks, especially brute-force collision-finding attacks, cannot in general be used to prove knowledge of a secret value.