In　this　paper,　we　promote　Trojan　message　attacks　against　Merkle–Damgård　hash　functions　and　their　concatenation　combiner　in　quantum　settings　for　the　first　time.　Two　main　quantum　scenarios　are　considered,　involving　the　scenarios　where　a　substantial　amount　of　cheap　quantum　random　access　memory　(qRAM)　is　available　and　where　qRAM　is　limited　and　expensive　to　access.　We　first　discuss　the　construction　of　diamond　structures　and　analyze　the　corresponding　time　complexity　in　both　of　these　quantum　scenarios.　Secondly,　we　propose　quantum　versions　of　the　generic　Trojan　message　attacks　on　Merkle–Damgård　hash　functions　as　well　as　their　improved　versions　by　combining　with　diamond　structures　and　expandable　messages,　and　then　determine　their　cost.　Finally,　we　propose　Trojan　message　attack　against　Merkle–Damgård　hash　concatenation　combiner　in　quantum　setting.　The　results　show　that　Trojan　message　attacks　can　be　improved　significantly　with　quantum　computers　under　both　scenarios,　so　the　security　of　hash　constructions　in　classical　setting　requires　careful　re-evaluation　before　being　deployed　to　the　post-quantum　cryptography　schemes.　©　The　Author(s),　under　exclusive　licence　to　Springer　Science+Business　Media,　LLC,　part　of　Springer　Nature　2024.