The Collision Security of Tandem-DM in the Ideal Cipher Model

The authors prove that Tandem-DM, one of the two "Classical" schemes for turning a blockcipher of 2n-bit key into a double block length hash function, has birthday-type collision resistance in the ideal cipher model. A collision resistance analysis for Tandem-DM achieving a similar birthday-type bound was already proposed by Fleischmann, Gorski and Lucks at FSE 2009. As they detail, however, the latter analysis is wrong, thus leaving the collision resistance of Tandem-DM as an open problem until now.

Provided by: Tsinghua University Topic: Security Date Added: Oct 2010 Format: PDF

Find By Topic