Tiger: A fast new hash function

  • Ross Anderson
  • Eli Biham
Hash Functions
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1039)


Among those cryptographic hash function which are not based on block ciphers, MD4 and Snefru seemed initially quite attractive for applications requiring fast software hashing. However collisions for Snefru were found in 1990, and recently a collision of MD4 was also found. This casts doubt on how long these functions' variants, such as RIPE-MD, MD5, SHA, SHA1 and Snefru-8, will remain unbroken. Furthermore, all these functions were designed for 32-bit processors, and cannot be implemented efficiently on the new generation of 64-bit processors such as the DEC Alpha. We therefore present a new hash function which we believe to be secure; it is designed to run quickly on 64-bit processors, without being too slow on existing machines.


  1. [And93]
    RJ Anderson, “The Classification of Hash Functions”, in 'Codes and Ciphers', proceedings of Fourth IMA Conference on Cryptography and Coding, pp 83–93Google Scholar
  2. [BS91]
    E Biham, A Shamir, “Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer (extended abstract)”, in Advances in Cryptology — CRYPTO '91, pp 156–171Google Scholar
  3. [BS93]
    E Biham, A Shamir, ‘Differential Cryptanalysis of the Data Encryption Standard’ (Springer 1993)Google Scholar
  4. [B94]
    E Biham, “New Types of Cryptanalytic Attacks Using Related Keys” in Journal of Cryptology v 7 no 4 (1994) PP 229–246Google Scholar
  5. [Dob95]
    H Dobertin, “MD4 is not collision-free” preprint, September 1995 Google Scholar
  6. [Mer90]
    RC Merkle, “A Fast Software One-Way Hash Function” in Journal of Cryptology v 3 no 1 (1990) pp 43–58Google Scholar
  7. [NIST92]
    National Institute of Standards and Technology, ‘Secure Hash Standard', FIPS 186, US Department of Commerce, January 1992Google Scholar
  8. [NIST95]
    National Institute of Standards and Technology, ‘Secure Hash Standard', FIPS 186-1, US Department of Commerce, April 1995Google Scholar
  9. [Pre93]
    B Preneel, ‘Analysis and Design of Cryptographic Hash Functions', PhD Thesis, Catholic University of Leuven 1993.Google Scholar
  10. [Riv90]
    RL Rivest, “The MD4 message-digest algorithm”, in Advances in Cryptology — CRYPTO '90, Springer LNCS v 537 pp 303–311; also Internet RFC 1320, April 1992Google Scholar
  11. [Riv92]
    RL Rivest, “The MD5 message-digest algorithm”, Internet RFC 1321, April 1992Google Scholar
  12. [RACE95]
    'Integrity Primitives for Secure Information Systems', Final Report of RACE Integrity Primitives Evaluation RIPE-RACE 1040, Springer LNCS v 1007, 1995.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  • Ross Anderson
    • 1
  • Eli Biham
    • 2
  1. 1.Cambridge UniversityEngland
  2. 2.TechnionHaifaIsrael

Personalised recommendations