Finding preimages of tiger up to 23 steps

Authors:
Lei Wang;Yu Sasaki
Affiliations:
The University of Electro-Communications, Chofu-shi, Tokyo, Japan;NTT Information Sharing Platform Laboratories, NTT Corporation, Musashino-shi, Tokyo, Japan
Venue:
FSE'10 Proceedings of the 17th international conference on Fast software encryption
Year:
2010

Citing 11
Cited 0

Handbook of Applied Cryptography

Handbook of Applied Cryptography
A Switching Closure Test to Analyze Cryptosystems

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
TIGER: A Fast New Hash Function

Proceedings of the Third International Workshop on Fast Software Encryption
Preimages for Reduced-Round Tiger

Research in Cryptology
Finding Preimages in Full MD5 Faster Than Exhaustive Search

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Two Passes of Tiger Are Not One-Way

AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
Preimage Attacks on Reduced Tiger and SHA-2

Fast Software Encryption
Preimage Attacks on One-Block MD4, 63-Step MD5 and More

Selected Areas in Cryptography
Cryptanalysis of the tiger hash function

ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Update on tiger

INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
Collisions and near-collisions for reduced-round tiger

FSE'06 Proceedings of the 13th international conference on Fast Software Encryption

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper evaluates the preimage resistance of the Tiger hash function. We will propose a pseudo-preimage attack on its compression function up to 23 steps with a complexity of 2181, which can be converted to a preimage attack on 23-step Tiger hash function with a complexity of 2187.5. The memory requirement of these attacks is 222 words. Our pseudo-preimage attack on the Tiger compression function adopts the meet-in-the-middle approach. We will divide the computation of the Tiger compression function into two independent parts. This enables us to transform the target of finding a pseudo-preimage to another target of finding a collision between two independent sets of some internal state, which will reduce the complexity. In order to maximize the number of the attacked steps, we derived several properties or weaknesses in both the key schedule function and the step function of the Tiger compression function, which gives us more freedom to separate the Tiger compression function.