FSE
2009
Springer

On the Security of Tandem-DM

Abstract. We provide the first proof of security for Tandem-DM, one of the oldest and most well-known constructions for turning a blockcipher with n-bit blocklength and 2n-bit keylength into a 2n-bit cryptographic hash function. We prove that when Tandem-DM is instantiated with AES-256, i.e. blocklength 128 bits and keylength 256 bits, any adversary that asks fewer than 2^{120.4} queries cannot find a collision with success probability greater than 1/2. We also prove a bound for preimage resistance of Tandem-DM. Interestingly, as there is only one other practical construction known (FSE'06, Hirose) that turns such an (n, 2n)-bit blockcipher into a 2n-bit compression function with provably birthday-type collision resistance, Tandem-DM is one of only two structures that possess this desirable feature.
Ewan Fleischmann, Michael Gorski, Stefan Lucks
Type Conference