Preimages for Reduced-Round Tiger
نویسندگان
چکیده
The cryptanalysis of the cryptographic hash function Tiger has, until now, focussed on finding collisions. In this paper we describe a preimage attack on the compression function of Tiger-12, i.e., Tiger reduced to 12 rounds out of 24, with a complexity of 2 compression function evaluations. We show how this can be used to construct second preimages with complexity 2 and first preimages with complexity 2 for Tiger-12. These attacks can also be extended to Tiger-13 at the expense of an additional factor of 2 in complexity.
منابع مشابه
Preimage Attacks on Reduced Tiger and SHA-2
This paper shows new preimage attacks on reduced Tiger and SHA-2. Indesteege and Preneel presented a preimage attack on Tiger reduced to 13 rounds (out of 24) with a complexity of 2. Our new preimage attack finds a one-block preimage of Tiger reduced to 16 rounds with a complexity of 2. The proposed attack is based on meet-in-themiddle attacks. It seems difficult to find “independent words” of ...
متن کاملAdvanced Meet-in-the-Middle Preimage Attacks: First Results on Full Tiger, and Improved Results on MD4 and SHA-2
We revisit narrow-pipe designs that are in practical use, and their security against preimage attacks. Our results are the best known preimage attacks on Tiger, MD4, and reduced SHA-2, with the result on Tiger being the first cryptanalytic shortcut attack on the full hash function. Our attacks runs in time 2 for finding preimages, and 2 for second-preimages. Both have memory requirement of orde...
متن کاملCryptanalysis of the Tiger Hash Function
Tiger is a cryptographic hash function with a 192-bit hash value. It was proposed by Anderson and Biham in 1996. Recently, weaknesses have been shown in round-reduced variants of the Tiger hash function. First, at FSE 2006, Kelsey and Lucks presented a collision attack on Tiger reduced to 16 and 17 (out of 24) rounds with a complexity of about 2 and a pseudo-near-collision for Tiger reduced to ...
متن کاملFinding Second Preimages of Short Messages for Hamsi-256
In this paper we study the second preimage resistance of Hamsi-256, a second round SHA-3 candidate. We show that it is possible to find affine equations between some input bits and some output bits on the 3-round compression function. This property enables an attacker to find pseudo preimages for the Hamsi-256 compression function. The pseudo preimage algorithm can be used to find second preima...
متن کاملTwo Passes of Tiger Are Not One-Way
Tiger is a cryptographic hash function proposed by Anderson and Biham in 1996 and produces a 192-bit hash value. Recently, weaknesses have been shown in round-reduced variants of the Tiger hash function. Collision attacks have been presented for Tiger reduced to 16 and 19 (out of 24) rounds at FSE 2006 and Indocrypt 2006. Furthermore, Mendel and Rijmen presented a 1-bit pseudo-near-collision fo...
متن کامل