Unkeyed cryptographic
Tiger
Designed by Ross Anderson and Eli Biham in 1995. Tiger was one of the first hash functions explicitly designed for 64-bit processors, well ahead of its time. 192-bit output, S-box-based round function, designed to be three times faster than SHA-1 on Alpha hardware.
At a glance
| Output | 192 bits (48 hex chars). Tiger/160 and Tiger/128 are truncated variants. |
|---|---|
| Block size | 512 bits |
| Word size | 64 bits |
| Rounds | 3 passes of 8 rounds each (24 total) |
| Designer | Ross Anderson and Eli Biham (1995) |
| Status | No practical collision break; output size too small for new designs |
Where it shows up
- Tiger Tree Hash (TTH) , binary tree of Tiger hashes used in ed2k, eDonkey, DC++, Gnutella2 to identify and verify chunks of large files.
- Direct Connect P2P clients , TTH for file IDs.
- Some early Linux fingerprint tools.
Tiger2
A 2005 update changed the padding from the original Tiger’s 0x01 first padding byte to 0x80 , aligning with most other hash functions. Tiger2 produces different digests from Tiger for the same input. Most TTH implementations use the original Tiger.
Security status
Best published attacks cover reduced-round variants (Mendel, Rijmen): pseudo-near-collisions on 16 of 24 rounds. Full Tiger has no practical break. The reason Tiger doesn’t see modern use is its 192-bit output (only 96-bit collision security) and the dominance of SHA-2 / SHA-3 in standard-track contexts.
References
Quick quiz
Test yourself on tiger
10 multiple-choice questions. Pick an answer for each, then submit to see explanations.
Q1.Designers of Tiger:
Q2.Tiger's output size:
Q3.Where is Tiger most used today?
Q4.Tiger was designed for which CPU type?
Q5.Total Tiger rounds:
Q6.Has full Tiger been collision-broken?
Q7.Year Tiger was published:
Q8.Tiger2 differs from Tiger in:
Q9.Tiger is in which Wikipedia family?
Q10.Why isn't Tiger common for new designs?