Skip to main content

The Collision Security of Tandem-DM in the Ideal Cipher Model

Jooyoung Lee, Martijn Stam, John Steinberger, The Collision Security of Tandem-DM in the Ideal Cipher Model. Advances in Cryptology - CRYPTO 2011. ISBN 978-3-642-22791-2, pp. 561–577. August 2011. No electronic version available. External information

Abstract

We prove that Tandem-DM, which is one of the two ``classical'' schemes for turning a blockcipher of $2n$-bit key into a double block length hash function, has birthday-type collision resistance in the ideal cipher model. A collision resistance analysis for Tandem-DM achieving a similar birthday-type bound was already proposed by Fleischmann, Gorski and Lucks at FSE 2009. As we detail, however, the latter analysis is wrong, thus leaving the collision resistance of Tandem-DM as an open problem until now. Our analysis exhibits a novel feature in that we introduce a trick not used before in ideal cipher proofs.

Bibtex entry.

Contact details

Publication Admin