Score:2

Crypto

Recommended output filter for Rumba20

samuel-lucas6

7/1/24, 10:27 AM

Rumba20 is a compression function that maps a 192-byte (1536-bit) string to a 64-byte (512-bit) string. It's designed to provide collision resistance by using Salsa20 (or ChaCha20) with the feedforward.

However, from the Rumba20 webpage:

Rumba20 is not designed to provide unpredictability, truncated collision resistance, etc. These features must be provided by an appropriate output filter. Rumba20's goal is to efficiently compress a long input so that only a small amount of data has to be handled by the output filter.

And from the Rumba20 paper (p. 9):

in applications needing more than collision resistance (and perhaps in all applications), the compression-function output should be fed through an output filter before it is given to the application.

Unfortunately, no example/recommended output filters seem to have been mentioned on this webpage or in papers mentioning Rumba20. I've also not come across the term 'output filter' in books. Therefore, my questions are:

What's an appropriate output filter for Rumba20?
Can something based on Salsa20/ChaCha20 be used as an output filter? Bringing in another primitive seems to defeat the point of Rumba20 since you may as well just use a collision-resistant hash function.

1 + 6

collision-resistance

salsa20

chacha

compression-function

rumba20

samuel-lucas6

7/1/24, 12:45 PM

Why is this being downvoted and voted to close? It's a legitimate question. Asking about the [collision resistance of the ChaCha core](https://crypto.stackexchange.com/questions/26437/collision-or-second-preimage-for-the-chacha-core), which is not designed to be collision resistant, is considered a good question but asking about Rumba20, which is designed to be collision resistant, is considered a bad question? I think they're both important questions, and there has not been much discussion of Rumba20 here.

kodlu

7/1/24, 3:31 PM

perhaps you could bother to fix/typeset your equations--it's not like you are a new user with zero reputation

samuel-lucas6

7/1/24, 5:46 PM

@kodlu That doesn't mean I'm familiar with LaTeX formatting. If you look at my answers, they're written in text. I've only just started using basic LaTeX following a template for my dissertation and didn't know that was possible in quotes. As long as it's readable (and I believe it is), I don't see how that affects the quality of the actual question and prevents an answer.

Paul Uszak

7/1/24, 7:54 PM

As one of the most down voted/ hated/ "mentally ill" members here, I empathise :-) Just remember that this is just a bit of social media fun. You could always try Quora. There's a lot of good crypto stuff there without the voting shenanigans. Anyway, have an upvote...

Maarten Bodewes

7/1/24, 8:05 PM

Although I am kind of resistant now since I'm a well known user - and of course mod - on [so] and [crypto.se] I've definitely received my amount of negativity / downvotes. Unfortunately questioning downvotes is generally not helpful, as the person that did the downvoting generally doesn't read the comment as they have moved on. It's rather annoying especially if no explanation is being given. As it stands, I would consider the question perfectly fine for the site and the edits to include the source material certainly help. Learning a minimum amount of MathJax / $\LaTeX$ may help.

samuel-lucas6

7/3/24, 12:49 PM

Not sure why this has been closed for 'needs details or clarity'. I don't see how I can make the question much clearer. The whole point is that the author has not made it very clear what an output filter is despite it supposedly being required to use Rumba20. It feels more like the question has been closed because people don't know the answer and have never heard of Rumba20.

Score:1

Crypto

samuel-lucas6

7/2/24, 11:15 AM

What's an appropriate output filter for Rumba20?

After coming across this other question, I discovered the RFSB paper mentions the following:

To build a full-fledged cryptographic hash function, suitable for use in message authentication, commitment protocols, etc., we can add any reasonably strong output filter to RFSB-509. One reasonable choice of output filter is SHA256; of course, the 256-bit output length of SHA-256 then reduces collision resistance to $2^{128}$. We emphasize that an output filter adds only a small constant overhead to the cost of hashing; the speed of hashing a long message is the speed of our compression function.

This doesn't surprise me as a cryptographic hash function obviously provides truncated collision resistance, etc.

Unfortunately, I can't confidently answer my second, more important question. However, at least there is now a reference for an example output filter.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Recommended output filter for Rumba20

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.