on the security of tandem dm
play

On the Security of Tandem-DM Ewan Fleischmann, Michael Gorski, - PowerPoint PPT Presentation

Jun 06, 2023 •213 likes •771 views

Outline Introduction Security of Tandem-DM Concluding Remarks On the Security of Tandem-DM Ewan Fleischmann, Michael Gorski, Stefan Lucks Bauhaus-University Weimar February 23, 2009 Ewan Fleischmann, Michael Gorski, Stefan Lucks On the

  1. Outline Introduction Security of Tandem-DM Concluding Remarks On the Security of Tandem-DM Ewan Fleischmann, Michael Gorski, Stefan Lucks Bauhaus-University Weimar February 23, 2009 Ewan Fleischmann, Michael Gorski, Stefan Lucks On the Security of Tandem-DM

  2. Outline Introduction Security of Tandem-DM Concluding Remarks Introduction 1 Blockcipher Based Hashing Examples of DBL Hash Functions Security of Tandem-DM 2 Results on Collision Resistance Results on Preimage Resistance Model for the proof Proof Details Concluding Remarks 3 Ewan Fleischmann, Michael Gorski, Stefan Lucks On the Security of Tandem-DM

  3. Outline Introduction Blockcipher Based Hashing Security of Tandem-DM Examples of DBL Hash Functions Concluding Remarks Approaches to building a cryptographic hash function From Scratch (MD4, MD5, SHA-0/1, SHA-256/512, RIPEMD, ...) From a blockcipher (MMO, DM, MDC-2/4, Tandem-DM, Abreast-DM, ...) From number-theoretic primitives or hard problems (lattices, modular arithmetic, ...) Ewan Fleischmann, Michael Gorski, Stefan Lucks On the Security of Tandem-DM

  4. Outline Introduction Blockcipher Based Hashing Security of Tandem-DM Examples of DBL Hash Functions Concluding Remarks Approaches to building a cryptographic hash function From Scratch (MD4, MD5, SHA-0/1, SHA-256/512, RIPEMD, ...) From a blockcipher (MMO, DM, MDC-2/4, Tandem-DM, Abreast-DM, ...) From number-theoretic primitives or hard problems (lattices, modular arithmetic, ...) Ewan Fleischmann, Michael Gorski, Stefan Lucks On the Security of Tandem-DM

  5. Outline Introduction Blockcipher Based Hashing Security of Tandem-DM Examples of DBL Hash Functions Concluding Remarks Approaches to building a cryptographic hash function From Scratch (MD4, MD5, SHA-0/1, SHA-256/512, RIPEMD, ...) From a blockcipher (MMO, DM, MDC-2/4, Tandem-DM, Abreast-DM, ...) From number-theoretic primitives or hard problems (lattices, modular arithmetic, ...) Ewan Fleischmann, Michael Gorski, Stefan Lucks On the Security of Tandem-DM

  6. Outline Introduction Blockcipher Based Hashing Security of Tandem-DM Examples of DBL Hash Functions Concluding Remarks Approaches to building a cryptographic hash function From Scratch (MD4, MD5, SHA-0/1, SHA-256/512, RIPEMD, ...) From a blockcipher (MMO, DM, MDC-2/4, Tandem-DM, Abreast-DM, ...) From number-theoretic primitives or hard problems (lattices, modular arithmetic, ...) Ewan Fleischmann, Michael Gorski, Stefan Lucks On the Security of Tandem-DM

  7. Outline Introduction Blockcipher Based Hashing Security of Tandem-DM Examples of DBL Hash Functions Concluding Remarks Blockcipher Based Hashing - Why? Several attacks on MD4-type functions in recent years (MD4/5, SHA family, RIPEMED, ...) Only one primitve for encryption and hashing Low cost hardware Ewan Fleischmann, Michael Gorski, Stefan Lucks On the Security of Tandem-DM

  8. Outline Introduction Blockcipher Based Hashing Security of Tandem-DM Examples of DBL Hash Functions Concluding Remarks Blockcipher Based Hashing - Why? Several attacks on MD4-type functions in recent years (MD4/5, SHA family, RIPEMED, ...) Only one primitve for encryption and hashing Low cost hardware Ewan Fleischmann, Michael Gorski, Stefan Lucks On the Security of Tandem-DM

  9. Outline Introduction Blockcipher Based Hashing Security of Tandem-DM Examples of DBL Hash Functions Concluding Remarks Blockcipher Based Hashing - Why? Several attacks on MD4-type functions in recent years (MD4/5, SHA family, RIPEMED, ...) Only one primitve for encryption and hashing Low cost hardware Ewan Fleischmann, Michael Gorski, Stefan Lucks On the Security of Tandem-DM

  10. Outline Introduction Blockcipher Based Hashing Security of Tandem-DM Examples of DBL Hash Functions Concluding Remarks Blockcipher Based Hashing - Why not? Usually slower than dedicated hash function Weaknesses not relevant for encryption (e.g. DES weak keys) Output length too short (e.g. 128 bits for AES) = ⇒ double block length constructions needed (e.g. hash output size of 256 bits for AES) Ewan Fleischmann, Michael Gorski, Stefan Lucks On the Security of Tandem-DM

  11. Outline Introduction Blockcipher Based Hashing Security of Tandem-DM Examples of DBL Hash Functions Concluding Remarks Blockcipher Based Hashing - Why not? Usually slower than dedicated hash function Weaknesses not relevant for encryption (e.g. DES weak keys) Output length too short (e.g. 128 bits for AES) = ⇒ double block length constructions needed (e.g. hash output size of 256 bits for AES) Ewan Fleischmann, Michael Gorski, Stefan Lucks On the Security of Tandem-DM

  12. Outline Introduction Blockcipher Based Hashing Security of Tandem-DM Examples of DBL Hash Functions Concluding Remarks Blockcipher Based Hashing - Why not? Usually slower than dedicated hash function Weaknesses not relevant for encryption (e.g. DES weak keys) Output length too short (e.g. 128 bits for AES) = ⇒ double block length constructions needed (e.g. hash output size of 256 bits for AES) Ewan Fleischmann, Michael Gorski, Stefan Lucks On the Security of Tandem-DM

  13. Outline Introduction Blockcipher Based Hashing Security of Tandem-DM Examples of DBL Hash Functions Concluding Remarks Blockcipher Based Hashing - Why not? Usually slower than dedicated hash function Weaknesses not relevant for encryption (e.g. DES weak keys) Output length too short (e.g. 128 bits for AES) = ⇒ double block length constructions needed (e.g. hash output size of 256 bits for AES) Ewan Fleischmann, Michael Gorski, Stefan Lucks On the Security of Tandem-DM

  14. Outline Introduction Blockcipher Based Hashing Security of Tandem-DM Examples of DBL Hash Functions Concluding Remarks Blockcipher Based Hashing - The Goal ’Secure’ (ideal cipher model) e.g. birthday type collision resistance Long hash output (e.g. >> 128 bits = blocksize) Efficient: efficiency = size of message input number of blockcipher calls needed to process this input Ewan Fleischmann, Michael Gorski, Stefan Lucks On the Security of Tandem-DM

  15. Outline Introduction Blockcipher Based Hashing Security of Tandem-DM Examples of DBL Hash Functions Concluding Remarks Blockcipher Based Hashing - The Goal ’Secure’ (ideal cipher model) e.g. birthday type collision resistance Long hash output (e.g. >> 128 bits = blocksize) Efficient: efficiency = size of message input number of blockcipher calls needed to process this input Ewan Fleischmann, Michael Gorski, Stefan Lucks On the Security of Tandem-DM

  16. Outline Introduction Blockcipher Based Hashing Security of Tandem-DM Examples of DBL Hash Functions Concluding Remarks Blockcipher Based Hashing - The Goal ’Secure’ (ideal cipher model) e.g. birthday type collision resistance Long hash output (e.g. >> 128 bits = blocksize) Efficient: efficiency = size of message input number of blockcipher calls needed to process this input Ewan Fleischmann, Michael Gorski, Stefan Lucks On the Security of Tandem-DM

  17. Outline Introduction Blockcipher Based Hashing Security of Tandem-DM Examples of DBL Hash Functions Concluding Remarks Blockcipher Based Hashing - The Goal ’Secure’ (ideal cipher model) e.g. birthday type collision resistance Long hash output (e.g. >> 128 bits = blocksize) Efficient: efficiency = size of message input number of blockcipher calls needed to process this input Ewan Fleischmann, Michael Gorski, Stefan Lucks On the Security of Tandem-DM

  18. Outline Introduction Blockcipher Based Hashing Security of Tandem-DM Examples of DBL Hash Functions Concluding Remarks Example: Hirose’s FSE’06 proposal H i − 1 E H i G i − 1 M i const G i E Rate 1/2, Output size: 2n (i.e. AES-256 256 bits) Collision Resistance: > 2 124 . 5 for CF ( n , 2 n )-blockchiffre, n-bit cipher/plaintext, 2n-bit key Ewan Fleischmann, Michael Gorski, Stefan Lucks On the Security of Tandem-DM

  19. Outline Introduction Blockcipher Based Hashing Security of Tandem-DM Examples of DBL Hash Functions Concluding Remarks Example: Hirose’s FSE’06 proposal H i − 1 E H i G i − 1 M i const G i E Rate 1/2, Output size: 2n (i.e. AES-256 256 bits) Collision Resistance: > 2 124 . 5 for CF ( n , 2 n )-blockchiffre, n-bit cipher/plaintext, 2n-bit key Ewan Fleischmann, Michael Gorski, Stefan Lucks On the Security of Tandem-DM

  20. Outline Introduction Blockcipher Based Hashing Security of Tandem-DM Examples of DBL Hash Functions Concluding Remarks Example: Hirose’s FSE’06 proposal H i − 1 E H i G i − 1 M i const G i E Rate 1/2, Output size: 2n (i.e. AES-256 256 bits) Collision Resistance: > 2 124 . 5 for CF ( n , 2 n )-blockchiffre, n-bit cipher/plaintext, 2n-bit key Ewan Fleischmann, Michael Gorski, Stefan Lucks On the Security of Tandem-DM

  21. Outline Introduction Blockcipher Based Hashing Security of Tandem-DM Examples of DBL Hash Functions Concluding Remarks Tandem-DM - a DBL hash function E H i − 1 H i M i G i − 1 G i E Rate 1 / 2, Output: 2 n (i.e. AES-256: 2 n = 256-bit) Proof of Collision Resistance: this presentation/paper ( n , 2 n )-blockchiffre, n-bit cipher/plaintext, 2n-bit key Ewan Fleischmann, Michael Gorski, Stefan Lucks On the Security of Tandem-DM

Recommend

DNA Short Tandem Repeats Organism DNA Short Tandem Repeats Organ DNA Short Tandem Repeats Cell

DNA Short Tandem Repeats Organism DNA Short Tandem Repeats Organ DNA Short Tandem Repeats Cell

DNA Short Tandem Repeats Organism DNA Short Tandem Repeats Organ DNA Short Tandem Repeats Cell Weights 1kg a bag of sugar 1g paper clip 1mg (milligram) 0.001g brain of a bee 1g (microgram) 0.000001g weight of a

1.38k views • 102 slides
Tandem modeling investigations Dan Ellis International Computer Science Institute, Berkeley CA

Tandem modeling investigations Dan Ellis International Computer Science Institute, Berkeley CA

Tandem modeling investigations Dan Ellis International Computer Science Institute, Berkeley CA <dpwe@icsi.berkeley.edu> Outline 1 What makes Tandem successful? 2 Can we make Tandem better? 3 Does Tandem work with LVCSR tricks?

716 views • 7 slides
The Collision Security of Tandem-DM in the Ideal Cipher Model Jooyoung Lee 1 Martijn Stam 2 John

The Collision Security of Tandem-DM in the Ideal Cipher Model Jooyoung Lee 1 Martijn Stam 2 John

The Collision Security of Tandem-DM in the Ideal Cipher Model Jooyoung Lee 1 Martijn Stam 2 John Steinberger 3 1 Faculty of Mathematics and Statistics, Sejong University, Seoul, Korea 2 Department of Computer Science, University of Bristol,

647 views • 52 slides
Tandem Nishita Muhnot | Kevin Scott | Tiffany Tsai | Ari Zilnik Whats Tandem? The

Tandem Nishita Muhnot | Kevin Scott | Tiffany Tsai | Ari Zilnik Whats Tandem? The

Tandem Nishita Muhnot | Kevin Scott | Tiffany Tsai | Ari Zilnik Whats Tandem? The Market Name Rating Price Repair Step by Videos Messaging Route Sensing Emergency Injury Help Challenge Instruction step Mapping Request

1.78k views • 149 slides
Tandem bike for autistic person (Team Tandem) Team Members: Client: Callie Mataczynski - Team

Tandem bike for autistic person (Team Tandem) Team Members: Client: Callie Mataczynski - Team

Tandem bike for autistic person (Team Tandem) Team Members: Client: Callie Mataczynski - Team Leader Eric Arndt - Communicator Advisor: Aaron Wagner - BWIG/BPAG Mengizem Tizale - BSAC 1 Presentation Overview 2

196 views • 15 slides
Orientations bipolaires et chemins tandem Eric Fusy (CNRS/LIX) Travaux avec Mireille

Orientations bipolaires et chemins tandem Eric Fusy (CNRS/LIX) Travaux avec Mireille

Orientations bipolaires et chemins tandem Eric Fusy (CNRS/LIX) Travaux avec Mireille Bousquet-M elou et Kilian Raschel Journ ees Alea, 2017 Tandem walks A tandem-walk is a walk in Z 2 with step-set { N, W, SE } in the plane Z 2 in the

780 views • 30 slides
The Potential of Tandem Photovoltaic Solar Cells Tandem Photovoltaic Solar Cells for Indoor

The Potential of Tandem Photovoltaic Solar Cells Tandem Photovoltaic Solar Cells for Indoor

The Potential of Tandem Photovoltaic Solar Cells Tandem Photovoltaic Solar Cells for Indoor Applications pp Ben Minnaert and Peter Veelaert Faculty of Engineering and Architecture Ghent University, Belgium Ben.Minnaert@UGent.be Low power indoor

906 views • 9 slides
Modeling Wind Shielding for FPSO Tandem Offloading using CFD Bob Gordon, Granherne Satpreet

Modeling Wind Shielding for FPSO Tandem Offloading using CFD Bob Gordon, Granherne Satpreet

Modeling Wind Shielding for FPSO Tandem Offloading using CFD Bob Gordon, Granherne Satpreet Nanda, CD-adapco Presentation Outline FPSO Tandem Offloading Examples of Shielding in Offshore Applications Wind Tunnel Tests for Tandem

1.03k views • 20 slides
Direct analysis of neutrals using superconducting detector in tandem mass spectrometry TOD:

Direct analysis of neutrals using superconducting detector in tandem mass spectrometry TOD:

Direct analysis of neutrals using superconducting detector in tandem mass spectrometry TOD: Novel Developments in Mass Spectrometry Instrumentation: Analyzers, Detectors, Tandem Instruments ! City hall, May 31, 2009 ASMS2009, Philadelphia !

127 views • 9 slides
Status of the TanDEM-X Mission Irena Hajnsek*, Daniel Schulze, Thomas Busche, Manfred Zink,

Status of the TanDEM-X Mission Irena Hajnsek*, Daniel Schulze, Thomas Busche, Manfred Zink,

Status of the TanDEM-X Mission Irena Hajnsek*, Daniel Schulze, Thomas Busche, Manfred Zink, Gerhard Krieger, Alberto Moreira & TanDEM-X Team Microwaves and Radar Institute, DLR - German Aerospace Center *ETH Zrich, Environmental

349 views • 22 slides
How to break into a Tandem System and how to prevent it! Carl Weber GreenHouse Software

How to break into a Tandem System and how to prevent it! Carl Weber GreenHouse Software

1234 How to break into a Tandem System and how to prevent it! Carl Weber GreenHouse Software & Consulting Security SIG of ETUG, 25. September 2012 1234 This This is is what what you you have have to to secure secure 1234

1.11k views • 99 slides
Joint Optimisation of Tandem Systems using Gaussian Mixture Density Neural Network Discriminative

Joint Optimisation of Tandem Systems using Gaussian Mixture Density Neural Network Discriminative

Joint Optimisation of Tandem Systems using Gaussian Mixture Density Neural Network Discriminative Sequence Training Chao Zhang and Phil Woodland March 8, 2017 Cambridge University Engineering Department Introduction Tandem Systems as Mixture

926 views • 17 slides
RESPITE: Tandem & multistream research Dan Ellis International Computer Science Institute,

RESPITE: Tandem & multistream research Dan Ellis International Computer Science Institute,

RESPITE: Tandem & multistream research Dan Ellis International Computer Science Institute, Berkeley CA <dpwe@icsi.berkeley.edu> Outline 1 Tandem & LVCSR 2 Mutual information for multistream design 3 Other multistream work at

251 views • 13 slides
Introduction to IBA The RBS and ERD techniques Anastasios Lagoyannis Tandem Accelerator

Introduction to IBA The RBS and ERD techniques Anastasios Lagoyannis Tandem Accelerator

Introduction to IBA The RBS and ERD techniques Anastasios Lagoyannis Tandem Accelerator Laboratory Institute of Nuclear and Particle Physics N.C.S.R. Demokritos Outline Ion Beam Analysis Theoretical background Rutherford

806 views • 46 slides
Experimental Radar Modes with TerraSAR-X and TanDEM-X U. Steinbrecher 1 , S. Baumgartner 1 , S.

Experimental Radar Modes with TerraSAR-X and TanDEM-X U. Steinbrecher 1 , S. Baumgartner 1 , S.

Experimental Radar Modes with TerraSAR-X and TanDEM-X U. Steinbrecher 1 , S. Baumgartner 1 , S. Suchandt 2 , S. Wollstadt 1 , J. Mittermayer 1 , R. Scheiber 1 , D. Schulze 1 , H. Breit 2 1 German Aerospace Center (DLR), Microwaves and Radar

387 views • 28 slides
Synthesis of New Derivatives of Monoazaphenothiazine via Tandem Catalysis Swande Peter Iorember 1

Synthesis of New Derivatives of Monoazaphenothiazine via Tandem Catalysis Swande Peter Iorember 1

Synthesis of New Derivatives of Monoazaphenothiazine via Tandem Catalysis Swande Peter Iorember 1 *, Anoh Vitalis Aondoaver 2 and Agbo Stephen Attah 2 . 1. Department of Basic Sciences, Akperan Orshi College of Agriculture, Yandev, Gboko, 2.

828 views • 9 slides
Tandem Mass Spectrometry: Practicalities and troubleshooting Sarah Montague and Dipti Seekun

Tandem Mass Spectrometry: Practicalities and troubleshooting Sarah Montague and Dipti Seekun

Tandem Mass Spectrometry: Practicalities and troubleshooting Sarah Montague and Dipti Seekun North Thames Newborn Screening Laboratory, GOSH. The child first and always The Camelia Botnar Laboratories at Great Ormond Street Hospital For Sick

232 views • 20 slides
Direct Aqueous Determination of Glyphosate and Related Compounds by Liquid Chromatography/ Tandem

Direct Aqueous Determination of Glyphosate and Related Compounds by Liquid Chromatography/ Tandem

Direct Aqueous Determination of Glyphosate and Related Compounds by Liquid Chromatography/ Tandem Mass Spectrometry using Reversed-Phase and Weak Anion-Exchange Mixed-mode Column Chunyan Hao, David Morse, Franca Morra, Xiaoming Zhao, Paul Yang

460 views • 22 slides
Tandem Group plc Investor presentation September 2019 1 DISCLAIMER This document does not

Tandem Group plc Investor presentation September 2019 1 DISCLAIMER This document does not

Tandem Group plc Investor presentation September 2019 1 DISCLAIMER This document does not constitute or form part of any offer or invitation to sell or issue, or any solicitation of any offer to purchase or subscribe for, any shares in the

776 views • 44 slides
2018-2019 NCI-AD Implementation Guide The NCI-AD Implementation Guide, in tandem with the NCI-AD

2018-2019 NCI-AD Implementation Guide The NCI-AD Implementation Guide, in tandem with the NCI-AD

2018-2019 NCI-AD Implementation Guide The NCI-AD Implementation Guide, in tandem with the NCI-AD Project Abstract, is intended to assist Participating States with planning for the 2018-2019 NCI-AD survey year. The Guide identifies key aspects of

251 views • 11 slides
Partnerships like pedaling a tandem bicycle Lets take a ride together on the GAP December

Partnerships like pedaling a tandem bicycle Lets take a ride together on the GAP December

Partnerships like pedaling a tandem bicycle Lets take a ride together on the GAP December 14, 2006 The Great Allegheny Passage CONNECTS to the C&O Canal Towpath in Cumberland MD Mile after Mile Dedication after Dedication Linda

680 views • 31 slides
PROTEINS WITH TANDEM REPEATS Dr Andrey Kajava Group of Structural Bioinformatics and Molecular

PROTEINS WITH TANDEM REPEATS Dr Andrey Kajava Group of Structural Bioinformatics and Molecular

PROTEINS WITH TANDEM REPEATS Dr Andrey Kajava Group of Structural Bioinformatics and Molecular Modeling Centre de Recherches de Biochimie Macromolculaire, CNRS Montpellier, FRANCE PROTEI N SEQUENCE STRUCTURE - FUNCTI ON Proteins with

1.06k views • 73 slides
Product presentation BIPRO 3 Daily Ease The BIPRO 3 tandem pilot harness has many useful

Product presentation BIPRO 3 Daily Ease The BIPRO 3 tandem pilot harness has many useful

Product presentation BIPRO 3 Daily Ease The BIPRO 3 tandem pilot harness has many useful features for a simple and safe working day. The harness weighs a mere 2.6 kg and is strongly built. It was developed at the world-famous Interlaken

321 views • 15 slides
Financial Issues Affecting Energy Security Gail E. Tverberg Oct. 26, 2012 AES 2012 World

Financial Issues Affecting Energy Security Gail E. Tverberg Oct. 26, 2012 AES 2012 World

Financial Issues Affecting Energy Security Gail E. Tverberg Oct. 26, 2012 AES 2012 World GDP, Oil Consumption, and Energy Consumption move in tandem, downward 2 Oil supply recently growing slowly, price high Based on data from BPs

337 views • 15 slides

More recommend