Admin: Created page with "In cryptography, '''Tiger''' is a cryptographic hash function designed by Ross Anderson and Eli Biham in 1995 for efficiency on 64-bit pla..."

2019-03-23T07:45:33Z

Created page with "In cryptography, '''Tiger''' is a cryptographic hash function designed by Ross Anderson and Eli Biham in 1995 for efficiency on 64-bit pla..."

New page

In [[cryptography]], '''Tiger''' is a [[cryptographic hash function]] designed by [[Ross J. Anderson|Ross Anderson]] and [[Eli Biham]] in 1995 for efficiency on [[64-bit]] platforms. The size of a Tiger hash value is 192 bits. Truncated versions (known as Tiger/128 and Tiger/160) can be used for compatibility with protocols assuming a particular hash size. Unlike the [[SHA-2]] family, no distinguishing initialization values are defined; they are simply prefixes of the full Tiger/192 hash value.

'''Tiger2''' is a variant where the message is padded by first appending a byte with the hexadecimal value of 0x80 as in [[MD4]], [[MD5]] and [[Secure Hash Algorithm (disambiguation)|SHA]], rather than with the hexadecimal value of 0x01 as in the case of Tiger. The two variants are otherwise identical.

==Algorithm==
Tiger is designed using the nearly universal [[Merkle-Damgård construction|Merkle-Damgård paradigm]]. The [[one-way compression function]] operates on 64-bit words, maintaining 3 words of state and processing 8 words of data. There are 24 rounds, using a combination of operation mixing with XOR and addition/subtraction, rotates, and [[S-box]] lookups, and a fairly intricate key scheduling algorithm for deriving 24 round keys from the 8 input words.

Although fast in software, Tiger's large S-boxes (4 S-boxes, each with 256 64-bit entries totals 8 [[KiB]]) make implementations in hardware or small [[microcontroller]]s difficult.

==Usage==
Tiger is frequently used in [[Merkle tree|Merkle hash tree]] form, where it is referred to as TTH ([[Merkle tree#Tiger tree hash|Tiger Tree Hash]]). TTH is used by many clients on the [[Direct connect file-sharing application|Direct Connect]] and [[Gnutella]] file sharing networks, and is recommended to be included into the [[BitTorrent]] metafile for better content availability.

Tiger was considered for inclusion in the [[OpenPGP]] standard, but was abandoned in favor of [[RIPEMD]]-160..

==OID==
refers to TIGER as one having no [[Object identifier|OID]], whereas the [[GNU Coding Standards]] list TIGER as having OID <code>1.3.6.1.4.1.11591.12.2</code>. In the [[IPSEC]] subtree, HMAC-TIGER is assigned OID <code>1.3.6.1.5.5.8.1.3</code>. No OID for TTH has been announced yet.

==Byte Order==
The specification of Tiger does not define the way the output of Tiger should be printed but only defines the result to be three ordered 64-bit integers. The "testtiger" program at the author's homepage was intended to allow easy testing of the test source code, rather than to define any particular print order. The protocols [[Direct Connect (file sharing)|Direct Connect]] and [[Advanced Direct Connect|ADC]] as well as the program <code>tthsum</code> use little-endian byte order, which is also preferred by one of the authors.

==Examples==
In the example below, the 192-bit (24-byte) Tiger hashes are represented as 48 [[hexadecimal]] digits in little-endian byte order. The following demonstrates a 43-byte [[ASCII]] input and the corresponding Tiger hashes:

Tiger("The quick brown fox jumps over the lazy og") =
6d12a41e72e644f017b6f0e2f7b44c6285f06dd5d2c5b075

Tiger2("The quick brown fox jumps over the lazy og") =
976abff8062a2e9dcea3a1ace966ed9c19cb85558b4976d8

Even a small change in the message will (with overwhelming probability) result in a completely different hash, e.g. changing <tt>d</tt> to <tt>c</tt>:



Tiger("The quick brown fox jumps over the lazy og") =
a8f04b0f7201a0d728101c9d26525b31764a3493fcd8458f

Tiger2("The quick brown fox jumps over the lazy og") =
09c11330283a27efb51930aa7dc1ec624ff738a8d9bdd3df

The hash of the zero-length string is:

Tiger("") =
3293ac630c13f0245f92bbb1766e16167a4e58492dde73f3

Tiger2("") =
4441be75f6018773c206c22745374b924aa8313fef919f41

==Cryptanalysis==
Unlike MD5 or SHA-0/1, there are no known effective attacks on the full 24-round Tiger While MD5 processes its state with 64 simple 32-bit operations per 512-bit block and SHA-1 with 80, Tiger updates its state with a total of 144 such operations per 512-bit block, additionally strengthened by large S-box look-ups.

[[John Kelsey (cryptanalyst)|John Kelsey]] and [[Stefan Lucks]] have found a collision-finding attack on 16-round Tiger with a time complexity equivalent to about 244 compression function invocations and another attack that finds pseudo-near collisions in 20-round Tiger with work less than that of 248 compression function invocations. [[Florian Mendel]] et al. have improved upon these attacks by describing a collision attack spanning 19 rounds of Tiger, and a 22-round pseudo-near-collision attack. These attacks require a work effort equivalent to about 262 and 244 evaluations of the Tiger compression function, respectively.

==See also==
* [[Hash function security summary]]
* [[Comparison of cryptographic hash functions]]
* [[List of hash functions]]
* [[Serpent (cipher)|Serpent]] — A block cipher by the same authors

== External links ==
*

==Source==

[http://wikipedia.org/ http://wikipedia.org/]
[[Category:Cryptography]]

Tiger (cryptography) - Revision history

Admin: Created page with "In cryptography, '''Tiger''' is a cryptographic hash function designed by Ross Anderson and Eli Biham in 1995 for efficiency on 64-bit pla..."