2
$\begingroup$

Rumba20 is a compression function that maps a 192-byte (1536-bit) string to a 64-byte (512-bit) string. It's designed to provide collision resistance by using Salsa20 (or ChaCha20) with the feedforward.

However, from the Rumba20 webpage:

Rumba20 is not designed to provide unpredictability, truncated collision resistance, etc. These features must be provided by an appropriate output filter. Rumba20's goal is to efficiently compress a long input so that only a small amount of data has to be handled by the output filter.

And from the Rumba20 paper (p. 9):

in applications needing more than collision resistance (and perhaps in all applications), the compression-function output should be fed through an output filter before it is given to the application.

Unfortunately, no example/recommended output filters seem to have been mentioned on this webpage or in papers mentioning Rumba20. I've also not come across the term 'output filter' in books. Therefore, my questions are:

  1. What's an appropriate output filter for Rumba20?
  2. Can something based on Salsa20/ChaCha20 be used as an output filter? Bringing in another primitive seems to defeat the point of Rumba20 since you may as well just use a collision-resistant hash function.
Improve this question
$\endgroup$
6
  • 1
    $\begingroup$ Why is this being downvoted and voted to close? It's a legitimate question. Asking about the collision resistance of the ChaCha core, which is not designed to be collision resistant, is considered a good question but asking about Rumba20, which is designed to be collision resistant, is considered a bad question? I think they're both important questions, and there has not been much discussion of Rumba20 here. $\endgroup$
    – samuel-lucas6
    Commented Jul 1, 2023 at 12:45
  • $\begingroup$ perhaps you could bother to fix/typeset your equations--it's not like you are a new user with zero reputation $\endgroup$
    – kodlu
    Commented Jul 1, 2023 at 15:31
  • 2
    $\begingroup$ @kodlu That doesn't mean I'm familiar with LaTeX formatting. If you look at my answers, they're written in text. I've only just started using basic LaTeX following a template for my dissertation and didn't know that was possible in quotes. As long as it's readable (and I believe it is), I don't see how that affects the quality of the actual question and prevents an answer. $\endgroup$
    – samuel-lucas6
    Commented Jul 1, 2023 at 17:46
  • 1
    $\begingroup$ As one of the most down voted/ hated/ "mentally ill" members here, I empathise :-) Just remember that this is just a bit of social media fun. You could always try Quora. There's a lot of good crypto stuff there without the voting shenanigans. Anyway, have an upvote... $\endgroup$
    – Paul Uszak
    Commented Jul 1, 2023 at 19:54
  • 3
    $\begingroup$ Although I am kind of resistant now since I'm a well known user - and of course mod - on Stack Overflow and Cryptography I've definitely received my amount of negativity / downvotes. Unfortunately questioning downvotes is generally not helpful, as the person that did the downvoting generally doesn't read the comment as they have moved on. It's rather annoying especially if no explanation is being given. As it stands, I would consider the question perfectly fine for the site and the edits to include the source material certainly help. Learning a minimum amount of MathJax / $\LaTeX$ may help. $\endgroup$
    – Maarten Bodewes
    Commented Jul 1, 2023 at 20:05

1 Answer 1

Reset to default
1
$\begingroup$
  1. What's an appropriate output filter for Rumba20?

After coming across this other question, I discovered the RFSB paper mentions the following:

To build a full-fledged cryptographic hash function, suitable for use in message authentication, commitment protocols, etc., we can add any reasonably strong output filter to RFSB-509. One reasonable choice of output filter is SHA256; of course, the 256-bit output length of SHA-256 then reduces collision resistance to $2^{128}$. We emphasize that an output filter adds only a small constant overhead to the cost of hashing; the speed of hashing a long message is the speed of our compression function.

This doesn't surprise me as a cryptographic hash function obviously provides truncated collision resistance, etc.

Unfortunately, I can't confidently answer my second, more important question. However, at least there is now a reference for an example output filter.

Improve this answer
$\endgroup$

Not the answer you're looking for? Browse other questions tagged or ask your own question.