Generalizing the herding attack to concatenated hashing schemes

Orr Dunkelman, Bart Preneel

Research output: Contribution to conferencePaperpeer-review


In this paper we extend the herding attacks for concatenated hash functions, i.e., hash functions of the form h(x) = h1(x)||h2(x). Our results actually apply a much larger set of hash functions. We show that even when the compression function of h (·) can be written as two (or more) data paths, where one data path is not affected by the second (while the second may depend on the first), then the generalized herding attack can be applied. This result along with Joux's original observations show that schemes that aim to improve the resistance of hash functions against these attacks, must use diffusion between the various data paths.
Original languageEnglish
Number of pages14
StatePublished - 1 Jan 2007
Externally publishedYes

Bibliographical note

ECRYPT's hash function workshop 2007, Barcelona


Dive into the research topics of 'Generalizing the herding attack to concatenated hashing schemes'. Together they form a unique fingerprint.

Cite this