Memoryless Related-Key Boomerang Attack on the Full Tiger Block Cipher
In this paper we present the first attack on the full 24 round internal block cipher of Tiger . Tiger is a hash function proposed by Biham and Anderson at FSE’96. It takes about ten years until the first cryptanalytic result was presented by Kelsey and Lucks  at FSE’06. Up to now, the best known attack on the internal block cipher of Tiger is able to break 22 rounds. Our attack on the full 24 rounds of the Tiger block cipher has a data complexity of 23.5 chosen plaintexts and ciphertexts, which can be called memoryless. This is since we do not have to store all the data generated in our attack. The time complexity is about 2259.5 24-round Tiger encryptions. Moreover, we have further reduced the time complexity using a bit fixing technique to 2195.5 24-round encryptions.
Keywordsdifferential cryptanalysis related-key boomerang attack Tiger block cipher
Unable to display preview. Download preview PDF.
- 1.Anderson, R.J., Biham, E.: TIGER: A Fast New Hash Function. In: Gollmann , pp. 89–97Google Scholar
- 4.Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991)Google Scholar
- 6.Damgård, I.: A Design Principle for Hash Functions. In: Brassard , pp. 416–427 (1989)Google Scholar
- 7.Doganaksoy, A., Ozen, O., Varc, K.: On the Security of the Encryption Mode of Tiger (unpublished)Google Scholar
- 9.Indesteege, S., Preneel, B.: Preimages for Reduced-Round Tiger (unpublished), http://www.cosic.esat.kuleuven.be/publications/article-930.ps
- 13.Merkle, R.C.: One Way Hash Functions and DES. In: Brassard , pp. 428–446 (1989)Google Scholar
- 14.Schneier, B., Kelsey, J.: Unbalanced Feistel Networks and Block Cipher Design. In: Gollmann , pp. 121–144 (1996)Google Scholar