The Security of Tandem-DM in the Ideal Cipher Model
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Lee, Jooyoung | ko |
| dc.contributor.author | Steinberger, John | ko |
| dc.contributor.author | Stam, Martijn | ko |
| dc.date.accessioned | 2018-01-22T02:07:09Z | - |
| dc.date.available | 2018-01-22T02:07:09Z | - |
| dc.date.created | 2016-07-28 | - |
| dc.date.created | 2016-07-28 | - |
| dc.date.created | 2016-07-28 | - |
| dc.date.created | 2016-07-28 | - |
| dc.date.issued | 2017-04 | - |
| dc.identifier.citation | JOURNAL OF CRYPTOLOGY, v.30, no.2, pp.495 - 518 | - |
| dc.identifier.issn | 0933-2790 | - |
| dc.identifier.uri | http://hdl.handle.net/10203/237216 | - |
| dc.description.abstract | We prove that Tandem-DM, one of the two "classical" schemes for turning an n-bit blockcipher of 2n-bit key into a double-block-length hash function, has birthday-type collision resistance in the ideal cipher model. For , an adversary must make at least blockcipher queries to achieve chance 0.5 of finding a collision. A collision resistance analysis for Tandem-DM achieving a similar birthday-type bound was already proposed by Fleischmann, Gorski and Lucks at FSE 2009. As we detail, however, the latter analysis is wrong, thus leaving the collision resistance of Tandem-DM as an open problem until now. Our analysis exhibits a novel feature in that we introduce a trick never used before in ideal cipher proofs. We also give an improved bound on the preimage security of Tandem-DM. For , we show that an adversary must make at least blockcipher queries to achieve chance 0.5 of inverting a randomly chosen point in the range. Asymptotically, Tandem-DM is proved to be preimage resistant up to blockcipher queries. This bound improves upon the previous best bound of queries and is optimal (ignoring log factors) since Tandem-DM has range of size . | - |
| dc.language | English | - |
| dc.publisher | SPRINGER | - |
| dc.title | The Security of Tandem-DM in the Ideal Cipher Model | - |
| dc.type | Article | - |
| dc.identifier.wosid | 000394321300005 | - |
| dc.identifier.scopusid | 2-s2.0-84961797530 | - |
| dc.type.rims | ART | - |
| dc.citation.volume | 30 | - |
| dc.citation.issue | 2 | - |
| dc.citation.beginningpage | 495 | - |
| dc.citation.endingpage | 518 | - |
| dc.citation.publicationname | JOURNAL OF CRYPTOLOGY | - |
| dc.identifier.doi | 10.1007/s00145-016-9230-z | - |
| dc.contributor.localauthor | Lee, Jooyoung | - |
| dc.contributor.nonIdAuthor | Steinberger, John | - |
| dc.contributor.nonIdAuthor | Stam, Martijn | - |
| dc.description.isOpenAccess | N | - |
| dc.type.journalArticle | Article | - |
| dc.subject.keywordAuthor | Blockcipher | - |
| dc.subject.keywordAuthor | Hash function | - |
| dc.subject.keywordAuthor | Collision resistance | - |
| dc.subject.keywordAuthor | Preimage resistance | - |
| dc.subject.keywordAuthor | Ideal cipher | - |
- Appears in Collection
- CS-Journal Papers(저널논문)
- Files in This Item
- There are no files associated with this item.
This item is cited by other documents in WoS
| ⊙ Detail Information in WoSⓡ | Click to see |  |
| ⊙ Cited 1 items in WoS | Click to see citing articles in |  |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.