Cryptanalysis of the Tiger Hash Function
Tiger is a cryptographic hash function with a 192-bit hash value. It was proposed by Anderson and Biham in 1996. Recently, weaknesses have been shown in round-reduced variants of the Tiger hash function. First, at FSE 2006, Kelsey and Lucks presented a collision attack on Tiger reduced to 16 and 17 (out of 24) rounds with a complexity of about 244 and a pseudo-near-collision for Tiger reduced to 20 rounds. Later, Mendel et al. extended this attack to a collision attack on Tiger reduced to 19 rounds with a complexity of about 262. Furthermore, they show a pseudo-near-collision for Tiger reduced to 22 rounds with a complexity of about 244. No attack is known for the full Tiger hash function.
In this article, we show a pseudo-near-collision for the full Tiger hash function with a complexity of about 247 hash computations and a pseudo-collision (free-start-collision) for Tiger reduced to 23 rounds with the same complexity.
KeywordsCryptanalysis hash functions differential attack collision near-collision pseudo-collision pseudo-near-collision
- 1.Anderson, R.J., Biham, E.: TIGER: A Fast New Hash Function. In: Gollmann, D. (ed.) Fast Software Encryption. LNCS, vol. 1039, pp. 89–97. Springer, Heidelberg (1996)Google Scholar