Two Passes of Tiger Are Not One-Way [chapter]

Florian Mendel
2009 Lecture Notes in Computer Science  
Tiger is a cryptographic hash function proposed by Anderson and Biham in 1996 and produces a 192-bit hash value. Recently, weaknesses have been shown in round-reduced variants of the Tiger hash function. Collision attacks have been presented for Tiger reduced to 16 and 19 (out of 24) rounds at FSE 2006 and Indocrypt 2006. Furthermore, Mendel and Rijmen presented a 1-bit pseudo-near-collision for the full Tiger hash function at ASIACRYPT 2007. The attack has a complexity of about 2^47 function evaluations. While there exist several collision-style attacks for Tiger, the picture is different for preimage attacks. At WEWoRC 2007, Indesteege and Preneel presented a preimage attack on Tiger reduced to 12 and 13 rounds with a complexity of 2^64.5 and 2^128.5, respectively. In this article, we show a preimage attack on Tiger with two passes (16 rounds) with a complexity of about 2^174 compression function evaluations. Furthermore, we show how the attack can be extended to 17 rounds with a complexity of about 2^185. Even though the attacks are only slightly faster than brute force search, they present a step forward in the cryptanalysis of Tiger.
doi:10.1007/978-3-642-02384-2_3 fatcat:m3lqvpft25hzjfiyd4fxe4itna