TIGER HASH
In this topic we present a detail description about the Tiger hash cryptographic
and also some other has functions to help understand this topic. There are many
hash functions but the most popular ones are MD5 and SHA-1. We shall briefly
go through about each of them. The MD5 (Message Digest) was developed by
Ron Rivest and in fact all MDs were developed by him. The MD5 is originated
from MD4 and with out put of 128 bit.
The other hash function is SHA-1(Secure Hash Algorithm) which is adopted by
the U.S government as a standard. It has been originated from SHA-0 with
similar algorithm to MD5. The out put of SHA-1 is 180-bit and considered to be
more secure than MD5. The above two hash functions consist of number of
rounds and in fact they are reminiscent of block ciphers.
As long as hash function is not compromised or no collisions, we consider it
secure. For block ciphers, efficiency is a major concern in the design of hash
functions. For example, it’s more costly to compute the hash of Y than to sign Y,
the hash function is not very useful, at least in the signing application discussed
above.
“A desirable property of any cryptographic hash function is the so-called
avalanche effect, or strong avalanche effect. The goal is that any small change
in the input should result in a large change in the output. Ideally, any change in
the input will result in output values that are uncorrelated, and an attacker will
then be forced to conduct an exhaustive search for collisions”. Ideally, the
avalanche effect should occur after a few rounds while expecting the rounds to
be simple and efficient.
The Tiger Hash was developed by Ross Anderson and Eli Biham. The structure
design of this hash function seems to be more than SHA–1 or MD5. It can be
considered as a reminiscent of a block cipher.
Tiger Hash was designed and it is supposed to be “fast and strong” and hence
the name. It was also designed for optimal performance on 64-bit. The input to
Tiger is divided into 512-bit blocks, with the input padded to a multiple of 512
bits, if necessary. The output of Tiger is 192 bits. The numerology behind the
choice of 192 is that Tiger is designed for 64-bit processors and 192 bits is
exactly three 64-bit words. In Tiger, all intermediate rounds also consist of 192
bit values.
Tiger Hash is an important type of alternative hash functions and it is proved to
be secure so far as there is no known collision attack on the full Tiger (in all
there are 24 rounds). Tiger’s block cipher employs four S-boxes, each of which
maps 8 bits to 64 bits. Please refer table 1 for notation.
The Round Function of Tiger:
The state update transformation starts with IV and at each round three 64-bit
state variables A, B, C updates are as given herein.
A=A
even (C)
B = (B
odd (C)
B= B
mult, where mult {5,7,9}
C = C Xi bit-wise XOR-operation of C and X
So we have obtained 64-bit message word from 512-bit message block and the
non-linear functions even and odd operate on even and odd bytes of the input as
defined below:
– even(C) = T1[c0] T2[c2] T3[c4] T4[c6]
– odd(C) = T4[c1] T3[c3] T2[c5] T1[c7]
Four 8 x 64 bit S-boxes are used in even and odd functions and it is shown as
t1, t2, t3 and t4 where C[i] indicates ith byte of C (0≤i≤7, 7th byte is the most
significant byte. The ith round input values are shown by Ai, Bi, Ci (three 64-bit
words) where i ε {0,1,2,…,24}, ith round message block= Xi and ith round output
= Ai+1, Bi+1, Ci+1. One step of Tiger is shown in figure 1 of the PowerPoint.
Before the beginning of the second 8-round pass, intermediate values A, B, C
are updated as C8, A8, and B8. Again before beginning of the last 8-round pass,
intermediate values are updated and they are assigned to B16, C16 and A16.
Now after the last round of the state update transformation, the initial value A0,
B0 and C0, the last output of the last round A24, B24, C24 are combined
resulting to the hash value/IV as below:
– A25 = A0
A24
– B25 = B0
B24
- C25 = C0
C24
The block cipher mode of Tiger is straight forward. The chaining operations of
the intermediate values are omitted and it is treated as a block cipher encrypting
192-bit plaintext message to 192-bit ciphertext message using 512-bit secret
key. There is no need to invert odd and even functions because their inverses
do not affect the decryption mode. In the decryption mode, the inverses of
modular operations are used.
The Key Schedule:
As mentioned in key schedule table, 512-bit message block is expanded to
24 x 64-bit message blocks by using a message expansion algorithm. The nonlinear invertible message expansion of Tiger uses some logical operations. The
key schedule is an invertible function which ensures that changing a small
number of bits in the message will have lot of affect in the next rounds. The
message rounds X0, ...X7 are used in the first rounds to update the state
variables, the remaining 16 message words (8 for the second pass and 8 for the
third pass) are generated by applying the key schedule as mentioned below: In
all there are 24 rounds.
(X8, … X15) = Key Schedule (X0,… X7)
(X16, … X23) = Key Schedule (X8,… X15)
The key schedule modifies the inputs (X0, … X7) in two steps as shown in the
key schedule table in the PowerPoint slides.
Conclusion: We have mentioned that the Tiger Hash has 24 rounds inclusive of
three outer rounds, each has eight inner rounds. All intermediate hash values are
192 bits. We have also stated that the S-boxes were designed in such a way that
each input bit has an affects on each of A, B, and C after three rounds. The key
schedule algorithm is designed so that a small change in the input message can
have grater impact in the intermediate hash values. So, together (S-boxes and
key schedule) produce an avalanche affect which is desired property of Tiger.
Finally, Tiger is similar to block cipher design since it uses S-boxes, many
numbers of rounds, mixed mode of algorithm, key schedule and many more. So
far no attack is known for the full Tiger has function.
Submitted by:
Udomrat Jaiaue
Zecko
5170381049
5170180011