Chapter

Advances in Cryptology – ASIACRYPT 2007

Volume 4833 of the series Lecture Notes in Computer Science pp 536-550

Cryptanalysis of the Tiger Hash Function

  • Florian MendelAffiliated withInstitute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Inffeldgasse 16a, A-8010 Graz
  • , Vincent RijmenAffiliated withInstitute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Inffeldgasse 16a, A-8010 Graz

Abstract

Tiger is a cryptographic hash function with a 192-bit hash value. It was proposed by Anderson and Biham in 1996. Recently, weaknesses have been shown in round-reduced variants of the Tiger hash function. First, at FSE 2006, Kelsey and Lucks presented a collision attack on Tiger reduced to 16 and 17 (out of 24) rounds with a complexity of about 244 and a pseudo-near-collision for Tiger reduced to 20 rounds. Later, Mendel et al. extended this attack to a collision attack on Tiger reduced to 19 rounds with a complexity of about 262. Furthermore, they show a pseudo-near-collision for Tiger reduced to 22 rounds with a complexity of about 244. No attack is known for the full Tiger hash function.

In this article, we show a pseudo-near-collision for the full Tiger hash function with a complexity of about 247 hash computations and a pseudo-collision (free-start-collision) for Tiger reduced to 23 rounds with the same complexity.

Keywords

Cryptanalysis hash functions differential attack collision near-collision pseudo-collision pseudo-near-collision