Difference between revisions of "Tiger"
From The ECRYPT Hash Function Website
(→Best Known Results) |
m (Two Passes of Tiger Are Not One-Way) |
||
| Line 113: | Line 113: | ||
=== Preimage Attacks === | === Preimage Attacks === | ||
| + | <bibtex> | ||
| + | @inproceedings{africacryptMendel09, | ||
| + | author = {Florian Mendel}, | ||
| + | title = {Two Passes of Tiger Are Not One-Way}, | ||
| + | year = {2009}, | ||
| + | pages = {29-40}, | ||
| + | url = {http://dx.doi.org/10.1007/978-3-642-02384-2_3}, | ||
| + | publisher = {Springer}, | ||
| + | series = {LNCS}, | ||
| + | booktitle = {AFRICACRYPT}, | ||
| + | publisher = {Springer}, | ||
| + | volume = {5580}, | ||
| + | abstract = {Tiger is a cryptographic hash function proposed by Anderson and Biham in 1996 and produces a 192-bit hash value. Recently, weaknesses have been shown in round-reduced variants of the Tiger hash function. Collision attacks have been presented for Tiger reduced to 16 and 19 (out of 24) rounds at FSE 2006 and Indocrypt 2006. Furthermore, Mendel and Rijmen presented a 1-bit pseudo-near-collision for the full Tiger hash function at ASIACRYPT 2007. The attack has a complexity of about 2^47 compression function evaluations. While there exist several collision-style attacks for Tiger, the picture is different for preimage attacks. At WEWoRC 2007, Indesteege and Preneel presented a preimage attack on Tiger reduced to 12 and 13 rounds with a complexity of 2^64.5 and 2^128.5, respectively. | ||
| + | In this article, we show a preimage attack on Tiger with two passes (16 rounds) with a complexity of about 2^174 compression function evaluations. Furthermore, we show how the attack can be extended to 17 rounds with a complexity of about 2^185. Even though the attacks are only slightly faster than brute force search, they present a step forward in the cryptanalysis of Tiger. | ||
| + | } | ||
| + | </bibtex> | ||
---- | ---- | ||
=== Others === | === Others === | ||
Revision as of 13:41, 9 July 2009
Contents
1 Specification
- digest size: 192/160/128 bits
- max. message length: < 264 bits
- compression function: 512-bit message block, 192-bit chaining variable
- Specification: Tiger: A Fast New Cryptographic Hash Function
Ross J. Anderson, Eli Biham - TIGER: A Fast New Hash Function
- FSE 1039:89-97,1996
- http://dx.doi.org/10.1007/3-540-60865-6
BibtexAuthor : Ross J. Anderson, Eli Biham
Title : TIGER: A Fast New Hash Function
In : FSE -
Address :
Date : 1996
2 Cryptanalysis
2.1 Best Known Results
The best known attack is a 1-bit circular pseudo-near-collision for Tiger with a complexity of about 247 of Mendel and Rijmen. The best collision attack on Tiger was presented by Mendel et al. for Tiger reduced to 19 out of 24 rounds. The attack has a complexity of about 262.
2.2 Generic Attacks
2.3 Collision Attacks
Florian Mendel, Vincent Rijmen - Cryptanalysis of the Tiger Hash Function
- ASIACRYPT 4833:536-550,2007
- http://dx.doi.org/10.1007/978-3-540-76900-2_33
BibtexAuthor : Florian Mendel, Vincent Rijmen
Title : Cryptanalysis of the Tiger Hash Function
In : ASIACRYPT -
Address :
Date : 2007
Florian Mendel, Bart Preneel, Vincent Rijmen, Hirotaka Yoshida, Dai Watanabe - Update on Tiger
- INDOCRYPT 4329:63-79,2006
- http://dx.doi.org/10.1007/11941378_6
BibtexAuthor : Florian Mendel, Bart Preneel, Vincent Rijmen, Hirotaka Yoshida, Dai Watanabe
Title : Update on Tiger
In : INDOCRYPT -
Address :
Date : 2006
John Kelsey, Stefan Lucks - Collisions and Near-Collisions for Reduced-Round Tiger
- FSE 4047:111-125,2006
- http://dx.doi.org/10.1007/11799313_8
BibtexAuthor : John Kelsey, Stefan Lucks
Title : Collisions and Near-Collisions for Reduced-Round Tiger
In : FSE -
Address :
Date : 2006
2.4 Second Preimage Attacks
2.5 Preimage Attacks
Florian Mendel - Two Passes of Tiger Are Not One-Way
- AFRICACRYPT 5580:29-40,2009
- http://dx.doi.org/10.1007/978-3-642-02384-2_3
BibtexAuthor : Florian Mendel
Title : Two Passes of Tiger Are Not One-Way
In : AFRICACRYPT -
Address :
Date : 2009
