Difference between revisions of "Tiger"
From The ECRYPT Hash Function Website
(→Collision Attacks) |
(→Collision Attacks) |
||
| Line 61: | Line 61: | ||
url = {http://dx.doi.org/10.1007/978-3-540-76900-2_33}, | url = {http://dx.doi.org/10.1007/978-3-540-76900-2_33}, | ||
abstract = {Tiger is a cryptographic hash function with a 192-bit hash value. It was proposed by Anderson and Biham in 1996. Recently, weaknesses have been shown in round-reduced variants of the Tiger hash function. First, at FSE 2006, Kelsey and Lucks presented a collision attack on Tiger reduced to 16 and 17 (out of 24) rounds with a complexity of about $2^44$ and a pseudo-near-collision for Tiger reduced to 20 rounds. Later, Mendel et al. extended this attack to a collision attack on Tiger reduced to 19 rounds with a complexity of about $2^62$. Furthermore, they show a pseudo-near-collision for Tiger reduced to 22 rounds with a complexity of about $2^44$. No attack is known for the full Tiger hash function. In this article, we show a pseudo-near-collision for the full Tiger hash function with a complexity of about $2^47$ hash computations and a pseudo-collision (free-start-collision) for Tiger reduced to 23 rounds with the same complexity.}, | abstract = {Tiger is a cryptographic hash function with a 192-bit hash value. It was proposed by Anderson and Biham in 1996. Recently, weaknesses have been shown in round-reduced variants of the Tiger hash function. First, at FSE 2006, Kelsey and Lucks presented a collision attack on Tiger reduced to 16 and 17 (out of 24) rounds with a complexity of about $2^44$ and a pseudo-near-collision for Tiger reduced to 20 rounds. Later, Mendel et al. extended this attack to a collision attack on Tiger reduced to 19 rounds with a complexity of about $2^62$. Furthermore, they show a pseudo-near-collision for Tiger reduced to 22 rounds with a complexity of about $2^44$. No attack is known for the full Tiger hash function. In this article, we show a pseudo-near-collision for the full Tiger hash function with a complexity of about $2^47$ hash computations and a pseudo-collision (free-start-collision) for Tiger reduced to 23 rounds with the same complexity.}, | ||
| + | } | ||
| + | </bibtex> | ||
| + | |||
| + | <bibtex> | ||
| + | @inproceedings{indocryptMendelPRYW06, | ||
| + | author = {Florian Mendel and Bart Preneel and Vincent Rijmen and Hirotaka Yoshida and Dai Watanabe}, | ||
| + | title = {Update on Tiger}, | ||
| + | booktitle = {INDOCRYPT}, | ||
| + | year = {2006}, | ||
| + | pages = {63-79}, | ||
| + | url = {http://dx.doi.org/10.1007/11941378_6}, | ||
| + | editor = {Rana Barua and Tanja Lange}, | ||
| + | publisher = {Springer}, | ||
| + | series = {LNCS}, | ||
| + | volume = {4329}, | ||
| + | isbn = {3-540-49767-6}, | ||
| + | abstract = {Tiger is a cryptographic hash function with a 192-bit hash value which was proposed by Anderson and Biham in 1996. At FSE 2006, Kelsey and Lucks presented a collision attack on Tiger reduced to 16 (out of 24) rounds with complexity of about 244. Furthermore, they showed that a pseudo-near-collision can be found for a variant of Tiger with 20 rounds with complexity of about 248. In this article, we show how their attack method can be extended to construct a collision in the Tiger hash function reduced to 19 rounds. We present two different attack strategies for constructing collisions in Tiger-19 with complexity of about 262 and 269. Furthermore, we present a pseudo-near-collision for a variant of Tiger with 22 rounds with complexity of about 244.}, | ||
} | } | ||
</bibtex> | </bibtex> | ||
Revision as of 12:05, 11 March 2008
Contents
1 Specification
- digest size: 192/160/128 bits
- max. message length: < 264 bits
- compression function: 512-bit message block, 192-bit chaining variable
- Specification: Tiger: A Fast New Cryptographic Hash Function
Ross J. Anderson, Eli Biham - TIGER: A Fast New Hash Function
- FSE 1039:89-97,1996
- http://dx.doi.org/10.1007/3-540-60865-6
BibtexAuthor : Ross J. Anderson, Eli Biham
Title : TIGER: A Fast New Hash Function
In : FSE -
Address :
Date : 1996
2 Cryptanalysis
2.1 Best Known Results
The best Known attack is a 1-bit circular pseudo-near-collision for Tiger with a complexity of about 247 of Mendel and Rijmen. The best collision attack on Tiger was presented by Mendel et al. for Tiger reduced to 19 out of 24 rounds. The attack has a complexity of about 262.
2.2 Generic Attacks
2.3 Collision Attacks
Florian Mendel, Vincent Rijmen - Cryptanalysis of the Tiger Hash Function
- ASIACRYPT 4833:536-550,2007
- http://dx.doi.org/10.1007/978-3-540-76900-2_33
BibtexAuthor : Florian Mendel, Vincent Rijmen
Title : Cryptanalysis of the Tiger Hash Function
In : ASIACRYPT -
Address :
Date : 2007
Florian Mendel, Bart Preneel, Vincent Rijmen, Hirotaka Yoshida, Dai Watanabe - Update on Tiger
- INDOCRYPT 4329:63-79,2006
- http://dx.doi.org/10.1007/11941378_6
BibtexAuthor : Florian Mendel, Bart Preneel, Vincent Rijmen, Hirotaka Yoshida, Dai Watanabe
Title : Update on Tiger
In : INDOCRYPT -
Address :
Date : 2006
John Kelsey, Stefan Lucks - Collisions and Near-Collisions for Reduced-Round Tiger
- FSE 4047:111-125,2006
- http://dx.doi.org/10.1007/11799313_8
BibtexAuthor : John Kelsey, Stefan Lucks
Title : Collisions and Near-Collisions for Reduced-Round Tiger
In : FSE -
Address :
Date : 2006
