Posts
/ #POST-219429
REDDIT
Is it correct to state that the Pedersen hash system isn t vulnerable to length extension attack as long as the inputs are a multiple of the number of window s bits?
The original description can be found [here](https://iden3-docs.readthedocs.io/en/latest/iden3_repos/research/publications/zkproof-standards-workshop-2/pedersen-hash/pedersen.html). I m studying the hash for existing systems still using it (the input is then at least 496bits long).
My understanding though is if there s no padding, then it s impossible to find collisions through length extension thus leaving only finding discrete logarithm.
Is it correct.