2011 Volume E94.A Issue 1 Pages 110-120
This paper evaluates the preimage resistance of the Tiger hash function. To our best knowledge, the maximum number of the attacked steps is 17 among previous preimage attacks on Tiger, where the full version has 24 steps. Our attack will extend the number of the attacked steps to 23. The main contribution is a pseudo-preimage attack on the compression function up to 23 steps with a complexity of 2181 following the meet-in-the-middle approach. This attack can be converted to a preimage attack on 23-step Tiger hash function with a complexity of 2187.5. The memory requirement of our attack is 222 words. A Tiger digest has 192bits. Therefore, our attacks are faster than the exhaustive search.