Difference between revisions of "Tiger"

From The ECRYPT Hash Function Website
(Spezification)
Line 35: Line 35:
  
 
=== Best Known Results ===
 
=== Best Known Results ===
 +
 +
The best Known attack is a 1-bit circular pseudo-near-collision for Tiger with a complexity of about 2<sup>47</sup> of Mendel and Rijmen. The best collision attack on Tiger was presented by Mendel et al. for Tiger reduced to 19 out of 24 rounds. The attack has a complexity of about 2<sup>62</sup>.
  
 
----
 
----
Line 44: Line 46:
  
 
=== Collision Attacks ===
 
=== Collision Attacks ===
 +
 +
<bibtex>
 +
@inproceedings{asiacryptMendelR07,
 +
  author    = {Florian Mendel and Vincent Rijmen},
 +
  title    = {Cryptanalysis of the Tiger Hash Function},
 +
  booktitle = {ASIACRYPT},
 +
  year      = {2007},
 +
  editor    = {Kaoru Kurosawa},
 +
  publisher = {Springer},
 +
  series    = {LNCS},
 +
  volume    = {4833},
 +
  isbn      = {978-3-540-76899-9},
 +
  pages    = {536-550},
 +
  url        = {http://dx.doi.org/10.1007/978-3-540-76900-2_33},
 +
  abstract  = {Tiger is a cryptographic hash function with a 192-bit hash value. It was proposed by Anderson and Biham in 1996. Recently, weaknesses have been shown in round-reduced variants of the Tiger hash function. First, at FSE 2006, Kelsey and Lucks presented a collision attack on Tiger reduced to 16 and 17 (out of 24) rounds with a complexity of about $2^44$ and a pseudo-near-collision for Tiger reduced to 20 rounds. Later, Mendel et al. extended this attack to a collision attack on Tiger reduced to 19 rounds with a complexity of about $2^62$. Furthermore, they show a pseudo-near-collision for Tiger reduced to 22 rounds with a complexity of about $2^44$. No attack is known for the full Tiger hash function. In this article, we show a pseudo-near-collision for the full Tiger hash function with a complexity of about $2^47$ hash computations and a pseudo-collision (free-start-collision) for Tiger reduced to 23 rounds with the same complexity.},
 +
}
 +
</bibtex>
  
 
----
 
----

Revision as of 18:31, 10 March 2008

1 Specification

  • digest size: 192/160/128 bits
  • max. message length: < 264 bits
  • compression function: 512-bit message block, 192-bit chaining variable
  • Specification:

Ross J. Anderson, Eli Biham - TIGER: A Fast New Hash Function

FSE 1039:89-97,1996
http://dx.doi.org/10.1007/3-540-60865-6
Bibtex
Author : Ross J. Anderson, Eli Biham
Title : TIGER: A Fast New Hash Function
In : FSE -
Address :
Date : 1996

2 Cryptanalysis

2.1 Best Known Results

The best Known attack is a 1-bit circular pseudo-near-collision for Tiger with a complexity of about 247 of Mendel and Rijmen. The best collision attack on Tiger was presented by Mendel et al. for Tiger reduced to 19 out of 24 rounds. The attack has a complexity of about 262.


2.2 Generic Attacks


2.3 Collision Attacks

Florian Mendel, Vincent Rijmen - Cryptanalysis of the Tiger Hash Function

ASIACRYPT 4833:536-550,2007
http://dx.doi.org/10.1007/978-3-540-76900-2_33
Bibtex
Author : Florian Mendel, Vincent Rijmen
Title : Cryptanalysis of the Tiger Hash Function
In : ASIACRYPT -
Address :
Date : 2007

2.4 Second Preimage Attacks


2.5 Preimage Attacks


2.6 Others