Cryptanalysis of the Tiger Hash Function

Abstract

Tiger is a cryptographic hash function with a 192-bit hash value. It was proposed by Anderson and Biham in 1996. Recently, weaknesses have been shown in round-reduced variants of the Tiger hash function. First, at FSE 2006, Kelsey and Lucks presented a collision attack on Tiger reduced to 16 and 17 (out of 24) rounds with a complexity of about 244 and a pseudo-near-collision for Tiger reduced to 20 rounds. Later, Mendel et al. extended this attack to a collision attack on Tiger reduced to 19 rounds with a complexity of about 262. Furthermore, they show a pseudo-near-collision for Tiger reduced to 22 rounds with a complexity of about 244. No attack is known for the full Tiger hash function.

In this article, we show a pseudo-near-collision for the full Tiger hash function with a complexity of about 247 hash computations and a pseudo-collision (free-start-collision) for Tiger reduced to 23 rounds with the same complexity.