Cryptanalysis of the Tiger Hash Function
نویسندگان
چکیده
Tiger is a cryptographic hash function with a 192-bit hash value. It was proposed by Anderson and Biham in 1996. Recently, weaknesses have been shown in round-reduced variants of the Tiger hash function. First, at FSE 2006, Kelsey and Lucks presented a collision attack on Tiger reduced to 16 and 17 (out of 24) rounds with a complexity of about 2 and a pseudo-near-collision for Tiger reduced to 20 rounds. Later, Mendel et al. extended this attack to a collision attack on Tiger reduced to 19 rounds with a complexity of about 2. Furthermore, they show a pseudo-near-collision for Tiger reduced to 22 rounds with a complexity of about 2. No attack is known for the full Tiger hash function. In this article, we show a pseudo-near-collision for the full Tiger hash function with a complexity of about 2 hash computations and a pseudocollision (free-start-collision) for Tiger reduced to 23 rounds with the same complexity.
منابع مشابه
Preimages for Reduced-Round Tiger
The cryptanalysis of the cryptographic hash function Tiger has, until now, focussed on finding collisions. In this paper we describe a preimage attack on the compression function of Tiger-12, i.e., Tiger reduced to 12 rounds out of 24, with a complexity of 2 compression function evaluations. We show how this can be used to construct second preimages with complexity 2 and first preimages with co...
متن کاملTwo Passes of Tiger Are Not One-Way
Tiger is a cryptographic hash function proposed by Anderson and Biham in 1996 and produces a 192-bit hash value. Recently, weaknesses have been shown in round-reduced variants of the Tiger hash function. Collision attacks have been presented for Tiger reduced to 16 and 19 (out of 24) rounds at FSE 2006 and Indocrypt 2006. Furthermore, Mendel and Rijmen presented a 1-bit pseudo-near-collision fo...
متن کاملCryptanalysis and design of symmetric primitives
This thesis focuses on the cryptanalysis and the design of block ciphers and hash functions. The thesis starts with an overview of methods for cryptanalysis of block ciphers which are based on differential cryptanalysis. We explain these concepts and also several combinations of these attacks. We propose new attacks on reduced versions of ARIA and AES. Furthermore, we analyze the strength of th...
متن کاملAn Improved Hash Function Based on the Tillich-Zémor Hash Function
Using the idea behind the Tillich-Zémor hash function, we propose a new hash function. Our hash function is parallelizable and its collision resistance is implied by a hardness assumption on a mathematical problem. Also, it is secure against the known attacks. It is the most secure variant of the Tillich-Zémor hash function until now.
متن کاملCollisions and Near-Collisions for Reduced-Round Tiger
We describe a collision-finding attack on 16 rounds of the Tiger hash function requiring the time for about 2 compression function invocations. This extends to a collision-finding attack on 17 rounds of the Tiger hash function in time of about 2 compression function invocations. Another attack generates circular near-collisions, for 20 rounds of Tiger with work less than that of 2 compression f...
متن کامل