Paper 2010/409
The collision security of Tandem-DM in the ideal cipher model
Jooyoung Lee, Martijn Stam, and John Steinberger
Abstract
We prove that Tandem-DM, one of the two ``classical'' schemes for turning a blockcipher of $2n$-bit key into a double block length hash function, has birthday-type collision resistance in the ideal cipher model. A collision resistance analysis for Tandem-DM achieving a similar birthday-type bound was already proposed by Fleischmann, Gorski and Lucks at FSE 2009. As we detail, however, the latter analysis is wrong, thus leaving the collision resistance of Tandem-DM as an open problem until now.
Note: The ProvSec`10 paper is discussed in Appendix
Metadata
- Available format(s)
-
PDF
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- hash functionsblock ciphers
- Contact author(s)
- jpsteinb @ gmail com
- History
- 2012-04-02: last of 6 revisions
- 2010-07-24: received
- See all versions
- Short URL
- https://ia.cr/2010/409
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2010/409,
author = {Jooyoung Lee and Martijn Stam and John Steinberger},
title = {The collision security of Tandem-{DM} in the ideal cipher model},
howpublished = {Cryptology {ePrint} Archive, Paper 2010/409},
year = {2010},
url = {https://eprint.iacr.org/2010/409}
}
