Sciweavers

CRYPTO
2011
Springer

The Collision Security of Tandem-DM in the Ideal Cipher Model

12 years 11 months ago
The Collision Security of Tandem-DM in the Ideal Cipher Model
We prove that Tandem-DM, one of the two “classical” schemes for turning a blockcipher of 2n-bit key into a double block length hash function, has birthday-type collision resistance in the ideal cipher model. A collision resistance analysis for Tandem-DM achieving a similar birthday-type bound was already proposed by Fleischmann, Gorski and Lucks at FSE 2009 [3]. As we detail, however, the latter analysis is wrong, thus leaving the collision resistance of Tandem-DM as an open problem until now.
Jooyoung Lee, Martijn Stam, John P. Steinberger
Added 18 Dec 2011
Updated 18 Dec 2011
Type Journal
Year 2011
Where CRYPTO
Authors Jooyoung Lee, Martijn Stam, John P. Steinberger
Comments (0)