IACR paper details
| Field | Value |
|---|---|
| Title | On the Security of Tandem-DM |
| Booktitle | IACR Eprint archive |
| Pages | |
| Year | 2009 |
| URL | http://eprint.iacr.org/2009/054 |
| Author | Ewan Fleischmann |
| Author | Michael Gorski |
| Author | Stefan Lucks |
Abstract

We provide the first proof of security for Tandem-DM, one of the oldest and most well-known constructions for turning a blockcipher with n-bit blocklength and 2n-bit keylength into a 2n-bit cryptographic hash function.

We prove that when Tandem-DM is instantiated with AES-256, i.e. blocklength 128 bits and keylength 256 bits, any adversary that asks fewer than 2^{120.4} queries cannot find a collision with success probability greater than 1/2. We also prove a bound for preimage resistance of Tandem-DM.

Interestingly, as there is only one practical construction known (FSE'06, Hirose) turning such an (n,2n)-bit blockcipher into a 2n-bit compression function that has provably birthday-type collision resistance, Tandem-DM is one out of two structures that possess this desirable feature.
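The abstract names the construction but does not write it out. The following is an added example, not code from the paper or its authors, showing the Tandem-DM compression function the paper analyzes, instantiated exactly as the abstract describes: AES-256 as the (n, 2n) = (128, 256)-bit blockcipher, giving a 2n = 256-bit chaining value. The compression function follows the Tandem-DM definition of Lai and Massey (W = E_{H||M}(G), G' = G xor W, H' = H xor E_{M||W}(H)), which is the construction the paper proves its bound for; the all-zero initial value and the Merkle-Damgard padding used in `Hash` are assumptions made here so the example runs end to end, and are not specified by the page.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// BlockLen is the block length n of the underlying cipher in bytes.
// With AES-256, n = 128 bits and the key length is 2n = 256 bits, the
// (n, 2n) setting the paper proves its bound for.
const BlockLen = 16

// XORBlocks returns a XOR b for two slices of equal length.
func XORBlocks(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// Encrypt computes E_key(block) with AES-256; key must be 2n = 32 bytes.
// Note that the construction keys the cipher with chaining and message
// data, which is why the paper's proof is in the ideal cipher model.
func Encrypt(key, block []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only a wrong key length can reach this
	}
	out := make([]byte, BlockLen)
	c.Encrypt(out, block)
	return out
}

// TandemDM is the Tandem-DM compression function (Lai and Massey):
//
//	W  = E_{H || M}(G)
//	G' = G XOR W
//	H' = H XOR E_{M || W}(H)
//
// The second key reuses W, the output of the first call; that "tandem"
// dependency between the two cipher calls is what gives the scheme its name.
func TandemDM(g, h, m []byte) (gNext, hNext []byte) {
	if len(g) != BlockLen || len(h) != BlockLen || len(m) != BlockLen {
		panic("TandemDM: G, H and M must each be n bytes")
	}
	key1 := append(append([]byte{}, h...), m...) // H || M
	w := Encrypt(key1, g)
	gNext = XORBlocks(g, w)
	key2 := append(append([]byte{}, m...), w...) // M || W
	hNext = XORBlocks(h, Encrypt(key2, h))
	return gNext, hNext
}

// Pad applies Merkle-Damgard strengthening (an assumption of this example:
// 0x80, zeros, then the 64-bit big-endian bit length) so the message is a
// whole number of n-byte blocks.
func Pad(msg []byte) []byte {
	padded := append([]byte{}, msg...)
	padded = append(padded, 0x80)
	for len(padded)%BlockLen != BlockLen-8 {
		padded = append(padded, 0)
	}
	var lenField [8]byte
	binary.BigEndian.PutUint64(lenField[:], uint64(len(msg))*8)
	return append(padded, lenField[:]...)
}

// Hash iterates TandemDM over the padded message from an assumed all-zero
// initial value (G0, H0) and returns G || H, a 2n = 256-bit digest.
func Hash(msg []byte) []byte {
	g := make([]byte, BlockLen)
	h := make([]byte, BlockLen)
	padded := Pad(msg)
	for i := 0; i < len(padded); i += BlockLen {
		g, h = TandemDM(g, h, padded[i:i+BlockLen])
	}
	return append(g, h...)
}

func main() {
	for _, m := range []string{"", "abc", "The quick brown fox jumps over the lazy dog"} {
		fmt.Printf("%-45q %s\n", m, hex.EncodeToString(Hash([]byte(m))))
	}
}
```

Each message block costs two AES-256 calls, and the adversary's "queries" in the abstract are queries to exactly those cipher calls (forward or inverse) in the ideal cipher model; the 2^{120.4} collision bound is for the compression function `TandemDM`, and sits close to the 2^{128} birthday bound one would expect for a 256-bit output. The Merkle-Damgard iteration in `Hash` is the standard way to turn that compression function into the hash function the abstract refers to, but the padding and initial value here are this example's choices.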
```bibtex
@misc{eprint-2009-18217,
  title={On the Security of Tandem-DM},
  booktitle={IACR Eprint archive},
  keywords={secret-key cryptography / hash function, blockcipher based, proof of security, double block length, ideal cipher},
  url={http://eprint.iacr.org/2009/054},
  note={An extended abstract of this paper will appear in the FSE 2009 proceedings; this is the full version. Contact: ewan.fleischmann@uni-weimar.de. Received 3 Feb 2009, last revised 4 Feb 2009},
  author={Ewan Fleischmann and Michael Gorski and Stefan Lucks},
  year=2009
}
```