Cryptology ePrint Archive: Report 2010/409

The collision security of Tandem-DM in the ideal cipher model

Jooyoung Lee and Martijn Stam and John Steinberger

Abstract: We prove that Tandem-DM, one of the two ``classical'' schemes for turning a blockcipher of $2n$-bit key into a double block length hash function, has birthday-type collision resistance in the ideal cipher model. A collision resistance analysis for Tandem-DM achieving a similar birthday-type bound was already proposed by Fleischmann, Gorski and Lucks at FSE 2009. As we detail, however, the latter analysis is wrong, thus leaving the collision resistance of Tandem-DM as an open problem until now.

Category / Keywords: secret-key cryptography / hash functions, block ciphers

Date: received 22 Jul 2010, last revised 2 Apr 2012

Contact author: jpsteinb at gmail com

Available format(s): PDF | BibTeX Citation

Note: The ProvSec`10 paper is discussed in Appendix

Version: 20120402:134624 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]