Collisions and Near-Collisions for Reduced-Round Tiger

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4047)


We describe a collision-finding attack on 16 rounds of the Tiger hash function requiring the time for about 244 compression function invocations. This extends to a collision-finding attack on 17 rounds of the Tiger hash function in time of about 249 compression function invocations. Another attack generates circular near-collisions, for 20 rounds of Tiger with work less than that of 249 compression function invocations. Since Tiger has only 24 rounds, these attacks may raise some questions about the security of Tiger. In developing these attacks, we adapt the ideas of message modification attacks and neutral bits, developed in the analysis of MD4 family hashes, to a completely different hash function design.


Tiger hash function collisions attack 


  1. 1.
    Anderson, R., Biham, E.: Tiger: A Fast New Hash Function. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, Springer, Heidelberg (1996)Google Scholar
  2. 2.
    Biham, E., Chen, R.: Near-Collisions of SHA-0. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 290–305. Springer, Heidelberg (2004)Google Scholar
  3. 3.
    Biham, E., Chen, R., Joux, A., Carribault, P., Lemuet, C., Jalby, W.: Collisions of SHA-0 and reduced SHA-1. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 36–57. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Schneier, B., Kelsey, J.: Unbalanced Feistel Networks and Block Cipher Design. In: FSE 1996. LNCS, pp. 121–144. Springer, Heidelberg (1996)Google Scholar
  5. 5.
    Wang, X., Lai, X., Feng, D., Cheng, H., Yu, X.: Cryptanalyisis of the hash functions MD4 and RIPEMD. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. 6.
    Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  7. 7.
    Wang, X., Yu, H., Yin, Y.L.: Efficient collision search attacks on SHA0. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 1–16. Springer, Heidelberg (2005)Google Scholar
  8. 8.
    Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)Google Scholar
  9. 9.
    Wang, X., Yao, A., Yao, F.: New Collision Search for SHA-1. Presentation at rump session of Crypto 2005 (communicated by A. Shamir) (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  1. 1.NISTUSA
  2. 2.University of MannheimGermany

Personalised recommendations