[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-82695-en":3,"doc-seo-82695-105":29,"detail-sidebar-cat-0-en-105":91},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"doc_content":15,"file_id":16,"file_url":17,"file_type":18,"file_size":19,"view_count":20,"is_deleted":4,"is_public":20,"is_downloadable":20,"audit_status":20,"page_count":21,"language":22,"language_code":23,"site_id":24,"html_lang":23,"table_of_contents":25,"faqs":26,"seo_title":13,"seo_description":14,"update_tm":27,"read_time":28},82695,4810365810221,"Aurora","https://ap-avatar.wpscdn.com/davatar_155a257f0dc6eb9ab79c44ca47cae57d",8,"Research & Report","Git Hash Chain Malleability","Git commit signing is used to guarantee that a commit hash uniquely and immutably identifies signed content. This work shows the guarantee fails: with a valid signed commit, an attacker lacking the signing key and without breaking SHA2 can create a second, distinct commit that preserves the tree, metadata, signature validity, and the “Verified” status on Git forges while changing only the commit hash. The altered signature reshapes all subsequent dependent hashes, introducing “hash chain malleability.”","arXiv :2607 .02820v 1 [ cs .CR] 2 Jul 2026  \nGit Hash Chain Malleability  \nJacob Ginesin  \nCarnegie Mellon University [ginesin@cmu.edu](ginesin@cmu.edu)  \nAbstract  \nGit commit signing is widely entrusted to serve as evidence that a commit hash uniquely and immutably identifies a specific piece of signed content. We show this invariant does not hold. Given any signed commit, an attacker without access to the signing key, and without breaking SHA2 can produce a second, distinct commit with an identical tree, identical metadata, a valid signature, and a “Verified” badge from a Git Forge such as Github, differing only in its commit hash. The modified commit cascades to modify the values of all the subsequent, dependent commit hashes, hence we introduce the terminology “hash chain malleability”to describe this phenomenon. The malleability in signed Git hashes is feasible due to the inherent malleability present in many of the data representations that make up a commit. In this paper we show three such malleation routes: (i) algebraic inversion 􀁂 ↦→ 􀀽 − 􀁂 for ECDSA; (ii) structural insertion of an unhashed OpenPGP subpacket (RFC 4880 §5.2.3) for RSA and EdDSA; and (iii) non-canonical DER length re-encoding (X.690 §10.1) inside the CMS envelope for S/MIME. Algebraic inversion for ECDSA signatures and subpacket insertion were found to pass local verification (git verify-commit), and all three methods yield a persistent, independent “Verified” record on Github. We discuss the consequences of Git hash chain malleation for hash-based commit blocking, dependency pinning (Nixpkgs, Go modules, Github Actions), and reproducible-build systems that treat the commit hash as a content-addressable primary key, and we provide proof-of-concept tooling that automates all three routes.  \n1 Introduction  \nGit identifies every object by the hash of its serialized content. For a commit, this hash covers the tree, the parent list, author, and committer metadata, the commit message, and—crucially—the raw bytes of any embedded signature. Because the hash is a deterministic function of these bytes, the commit hash is routinely relied upon as a globally unique, immutable, content-addressable identifier: CI pipelines pinto them, dependency managers lock to them, and incident-response tooling blocks or reverts by them. Quoting Git’s own documentation:  \n“Using a cryptographically secure hash function brings additional advantages: Object names can be signed and third parties can trust the hash to address the signed object and all objects it references.”  \n—Git’s hash-function-transition documentation [6]  \nCommit signing is intended to strengthen the trust placed into the subject commit hash. A signature over a commit payload intends to act as a verifiable, unforgeable method for tracking contribution provenance; therefore, projects or ecosystems sensitive to supply-chain security vulnerabilities oftentimes enforce its adoption. Indeed, a post-mortem of the recent trivy-action supply-chain compromise showed that malicious commits uploaded in-place of the original commits were distinguished by their signature validity [2], directly demonstrating the utility and security benefit of signing commits.  \nIn this note, we show that signature validity and hash uniqueness interact in a way their consumers do not necessarily expect.  \nDigital signature schemes oftentimes admit malleability: given a valid signature, one can often derive a second, syntactically distinct signature that verifies against the same message and key without knowledge of the private key. Applied to a signed commit, malleation changes the signature bytes, and hence the commit hash, while preserving both the content and the verification result. The malleated commit cascades to malleate the values of all the subsequent, dependent commit hashes, hence we introduce the terminology to describe this phenomenon:“hash chain malleability.”  \nIn this note, we make the following contributions:  \n• We charact","cbCaiaDcEAsvKK3J","https://ap.wps.com/l/cbCaiaDcEAsvKK3J","pdf",217623,1,5,"English","en",105,"# Introduction\n## Hashes and commit signing\n## Signature malleability and the proposed term\n# Background\n## Commit serialization and signed payloads","[{\"question\":\"What is “hash chain malleability” in signed Git commits?\",\"answer\":\"It is the phenomenon where changing signature bytes in a signed commit changes the commit hash and then cascades to all subsequent dependent commit hashes, while keeping verification valid and the verified status unchanged.\"},{\"question\":\"How can an attacker produce a different commit hash without breaking SHA2 or the signing key?\",\"answer\":\"By exploiting signature malleability: the attacker derives syntactically distinct yet valid signatures and injects or re-encodes signature-related data so the signature still verifies but the embedded signature bytes differ, resulting in a different commit hash.\"},{\"question\":\"What are the consequences for systems that treat commit hashes as primary identifiers?\",\"answer\":\"Hash-based blocking, dependency pinning mechanisms, and reproducible-build verification can be undermined because multiple commits with the same effective content can end up with different hashes while still showing a persistent “Verified” record.\"}]",1784182346,13,{"code":4,"msg":30,"data":31},"ok",{"site_id":24,"language":23,"slug":32,"title":13,"keywords":33,"description":14,"schema_data":34,"social_meta":86,"head_meta":88,"extra_data":90,"updated_unix":27},"git-hash-chain-malleability","",{"@graph":35,"@context":85},[36,53,68],{"@type":37,"itemListElement":38},"BreadcrumbList",[39,43,47,50],{"item":40,"name":41,"@type":42,"position":20},"https://docshare.wps.com","Home","ListItem",{"item":44,"name":45,"@type":42,"position":46},"https://docshare.wps.com/document/","Document",2,{"item":48,"name":12,"@type":42,"position":49},"https://docshare.wps.com/document/research-report/",3,{"item":51,"name":13,"@type":42,"position":52},"https://docshare.wps.com/document/git-hash-chain-malleability/82695/",4,{"url":51,"name":13,"@type":54,"author":55,"headline":13,"publisher":57,"fileFormat":60,"inLanguage":23,"description":14,"dateModified":61,"datePublished":62,"encodingFormat":60,"isAccessibleForFree":63,"interactionStatistic":64},"DigitalDocument",{"name":9,"@type":56},"Person",{"url":40,"name":58,"@type":59},"DocShare","Organization","application/pdf","2026-07-17","2026-07-16",true,{"@type":65,"interactionType":66,"userInteractionCount":20},"InteractionCounter",{"@type":67},"ViewAction",{"@type":69,"mainEntity":70},"FAQPage",[71,77,81],{"name":72,"@type":73,"acceptedAnswer":74},"What is “hash chain malleability” in signed Git commits?","Question",{"text":75,"@type":76},"It is the phenomenon where changing signature bytes in a signed commit changes the commit hash and then cascades to all subsequent dependent commit hashes, while keeping verification valid and the verified status unchanged.","Answer",{"name":78,"@type":73,"acceptedAnswer":79},"How can an attacker produce a different commit hash without breaking SHA2 or the signing key?",{"text":80,"@type":76},"By exploiting signature malleability: the attacker derives syntactically distinct yet valid signatures and injects or re-encodes signature-related data so the signature still verifies but the embedded signature bytes differ, resulting in a different commit hash.",{"name":82,"@type":73,"acceptedAnswer":83},"What are the consequences for systems that treat commit hashes as primary identifiers?",{"text":84,"@type":76},"Hash-based blocking, dependency pinning mechanisms, and reproducible-build verification can be undermined because multiple commits with the same effective content can end up with different hashes while still showing a persistent “Verified” record.","https://schema.org",{"og:url":51,"og:type":87,"og:title":13,"og:site_name":58,"og:description":14},"article",{"robots":89,"canonical":51},"index,follow",{"doc_id":7,"site_id":24},{"code":4,"msg":5,"data":92},[93,97,101,105,109,114,119,122,127,130,134],{"id":20,"doc_module":4,"doc_module_name":45,"category_name":94,"show_sort_weight":95,"slug":96},"Story & Novel",90,"story-novel",{"id":46,"doc_module":4,"doc_module_name":45,"category_name":98,"show_sort_weight":99,"slug":100},"Literature",80,"literature",{"id":52,"doc_module":4,"doc_module_name":45,"category_name":102,"show_sort_weight":103,"slug":104},"Exam",70,"exam",{"id":21,"doc_module":4,"doc_module_name":45,"category_name":106,"show_sort_weight":107,"slug":108},"Comic",60,"comic",{"id":110,"doc_module":4,"doc_module_name":45,"category_name":111,"show_sort_weight":112,"slug":113},6,"Technology",50,"technology",{"id":115,"doc_module":4,"doc_module_name":45,"category_name":116,"show_sort_weight":117,"slug":118},7,"Healthcare",40,"healthcare",{"id":11,"doc_module":4,"doc_module_name":45,"category_name":12,"show_sort_weight":120,"slug":121},30,"research-report",{"id":123,"doc_module":4,"doc_module_name":45,"category_name":124,"show_sort_weight":125,"slug":126},9,"Religion & Spirituality",20,"religion-spirituality",{"id":125,"doc_module":4,"doc_module_name":45,"category_name":128,"show_sort_weight":125,"slug":129},"World Cup","world-cup",{"id":131,"doc_module":4,"doc_module_name":45,"category_name":132,"show_sort_weight":131,"slug":133},10,"Lifestyle","lifestyle",{"id":135,"doc_module":4,"doc_module_name":45,"category_name":136,"show_sort_weight":21,"slug":137},19,"General","general"]