[Resource Topic] 2015/568: Cryptanalysis of Reduced-Round Whirlwind (Full Version)

Welcome to the resource topic for 2015/568

Title:
Cryptanalysis of Reduced-Round Whirlwind (Full Version)

Authors: Bingke Ma, Bao Li, Ronglin Hao, Xiaoqian Li

Abstract:

The \texttt{Whirlwind} hash function, which outputs a 512-bit digest, was designed by Barreto et\ al. and published by \textit{Design, Codes and Cryptography} in 2010. In this paper, we provide a thorough cryptanalysis on \texttt{Whirlwind}. Firstly, we focus on security properties at the hash function level by presenting (second) preimage, collision and distinguishing attacks on reduced-round \texttt{Whirlwind}. In order to launch the preimage attack, we have to slightly tweak the original Meet-in-the-Middle preimage attack framework on \texttt{AES}-like compression functions by partially fixing the values of the state. Based on this slightly tweaked framework, we are able to construct several new and interesting preimage attacks on reduced-round \texttt{Whirlpool} and \texttt{AES} hashing modes as well. Secondly, we investigate security properties of the reduced-round components of \texttt{Whirlwind}, including semi-free-start and free-start (near) collision attacks on the compression function, and a limited-birthday distinguisher on the inner permutation. As far as we know, our results are currently the best cryptanalysis on \texttt{Whirlwind}.

ePrint: https://eprint.iacr.org/2015/568

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .