Paper 2015/568

Cryptanalysis of Reduced-Round Whirlwind (Full Version)

Bingke Ma, Bao Li, Ronglin Hao, and Xiaoqian Li

Abstract

The Whirlwind hash function, which outputs a 512-bit digest, was designed by Barreto et al. and published in Designs, Codes and Cryptography in 2010. In this paper, we provide a thorough cryptanalysis of Whirlwind. Firstly, we focus on security properties at the hash function level by presenting (second) preimage, collision and distinguishing attacks on reduced-round Whirlwind. In order to launch the preimage attack, we have to slightly tweak the original Meet-in-the-Middle preimage attack framework on AES-like compression functions by partially fixing the values of the state. Based on this slightly tweaked framework, we are also able to construct several new and interesting preimage attacks on reduced-round Whirlpool and AES hashing modes. Secondly, we investigate security properties of the reduced-round components of Whirlwind, including semi-free-start and free-start (near) collision attacks on the compression function, and a limited-birthday distinguisher on the inner permutation. As far as we know, our results are currently the best cryptanalysis of Whirlwind.

Note: This article is the full version of the paper published at ACISP 2015.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Major revision. ACISP 2015
Keywords
cryptanalysis, hash function, Whirlwind, Whirlpool, AES, PGV
Contact author(s)
bkma @ is ac cn
History
2015-06-17: received
Short URL
https://ia.cr/2015/568
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/568,
      author = {Bingke Ma and Bao Li and Ronglin Hao and Xiaoqian Li},
      title = {Cryptanalysis of Reduced-Round Whirlwind (Full Version)},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/568},
      year = {2015},
      url = {https://eprint.iacr.org/2015/568}
}