From 2710a519dd04fcd5280e59d914ba6a2fb9c9e2a7 Mon Sep 17 00:00:00 2001
From: zooko <>
Date: Mon, 2 Mar 2009 21:43:42 +0000
Subject: [PATCH] add cryptanalysis of tiger

[Imported from Trac: page Bibliography, version 34]
---
 Bibliography.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Bibliography.md b/Bibliography.md
index 1f60ac1..d9e6a0b 100644
--- a/Bibliography.md
+++ b/Bibliography.md
@@ -13,6 +13,8 @@ Here are some papers that are potentially of interest.
 
 [EnRUPT](http://enrupt.com) a very simple, fast, and flexible primitive which could be used as stream cipher, secure hash function, or MAC (the first two are primitives that we currently need, and the third one -- MAC -- is a primitive that we may want in the future) and which relies for its security on a large number of rounds.  The question of how many rounds to use is decided by semi-automated cryptanalysis.  (Note: the stream-hash version of enRUPT, known as "irRUPT" has been shown to be insecure in the SHA-3 contest.  The traditional Merkle-Damgard variant -- mdRUPT -- is probably secure.)
 
+[Cryptanalysis of the Tiger Hash Function](https://online.tu-graz.ac.at/tug_online/voe_main2.getvolltext?pDocumentNr=81263) by Mendel and RIjmen
+
 [defectoscopy.com](http://defectoscopy.com/results.html) a table of semi-automated cryptanalysis results from the inventors of EnRUPT.  This technique has not been peer-reviewed by other cryptographers.  I (Zooko) can't judge how valid it is.  Note that Tiger is one of only two hash functions that are predicted to be secure by this analysis -- the other is Whirlpool.  MD-4/5, SHA-0/1/2, and GOST are predicted to be insecure.
 
 ### Elliptic Curve Cryptography