Memoryless Related-Key Boomerang Attack on the Full Tiger Block Cipher

  • Ewan Fleischmann
  • Michael Gorski
  • Stefan Lucks
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5451)


In this paper we present the first attack on the full 24 round internal block cipher of Tiger [1]. Tiger is a hash function proposed by Biham and Anderson at FSE’96. It takes about ten years until the first cryptanalytic result was presented by Kelsey and Lucks [10] at FSE’06. Up to now, the best known attack on the internal block cipher of Tiger is able to break 22 rounds. Our attack on the full 24 rounds of the Tiger block cipher has a data complexity of 23.5 chosen plaintexts and ciphertexts, which can be called memoryless. This is since we do not have to store all the data generated in our attack. The time complexity is about 2259.5 24-round Tiger encryptions. Moreover, we have further reduced the time complexity using a bit fixing technique to 2195.5 24-round encryptions.


differential cryptanalysis related-key boomerang attack Tiger block cipher 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Anderson, R.J., Biham, E.: TIGER: A Fast New Hash Function. In: Gollmann [8], pp. 89–97Google Scholar
  2. 2.
    Biham, E.: New Types of Cryptanalytic Attacks Using Related Keys. J. Cryptology 7(4), 229–246 (1994)CrossRefzbMATHGoogle Scholar
  3. 3.
    Biham, E., Dunkelman, O., Keller, N.: Related-Key Boomerang and Rectangle Attacks. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 507–525. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991)Google Scholar
  5. 5.
    Brassard, G. (ed.): CRYPTO 1989. LNCS, vol. 435. Springer, Heidelberg (1990)zbMATHGoogle Scholar
  6. 6.
    Damgård, I.: A Design Principle for Hash Functions. In: Brassard [5], pp. 416–427 (1989)Google Scholar
  7. 7.
    Doganaksoy, A., Ozen, O., Varc, K.: On the Security of the Encryption Mode of Tiger (unpublished)Google Scholar
  8. 8.
    Gollmann, D. (ed.): FSE 1996. LNCS, vol. 1039. Springer, Heidelberg (1996)zbMATHGoogle Scholar
  9. 9.
    Indesteege, S., Preneel, B.: Preimages for Reduced-Round Tiger (unpublished),
  10. 10.
    Kelsey, J., Lucks, S.: Collisions and Near-Collisions for Reduced-Round Tiger. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 111–125. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Mendel, F., Preneel, B., Rijmen, V., Yoshida, H., Watanabe, D.: Update on tiger. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 63–79. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Mendel, F., Rijmen, V.: Cryptanalysis of the Tiger Hash Function. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 536–550. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  13. 13.
    Merkle, R.C.: One Way Hash Functions and DES. In: Brassard [5], pp. 428–446 (1989)Google Scholar
  14. 14.
    Schneier, B., Kelsey, J.: Unbalanced Feistel Networks and Block Cipher Design. In: Gollmann [8], pp. 121–144 (1996)Google Scholar
  15. 15.
    Wagner, D.: The Boomerang Attack. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 156–170. Springer, Heidelberg (1999)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Ewan Fleischmann
    • 1
  • Michael Gorski
    • 1
  • Stefan Lucks
    • 1
  1. 1.Bauhaus-University WeimarGermany

Personalised recommendations