Abstract
The Whirlwind hash function, which outputs a 512-bit digest, was designed by Barreto et al. and published by Design, Codes and Cryptography in 2010. In this paper, we provide a thorough cryptanalysis on Whirlwind. Firstly, we focus on security properties at the hash function level by presenting (second) preimage, collision and distinguishing attacks on reduced-round Whirlwind. In order to launch the preimage attack, we have to slightly tweak the original Meet-in the- Middle preimage attack framework on AES-like compression functions by partially fixing the values of the state. Based on this slightly tweaked framework, we are able to construct several new and interesting preimage attacks on reduced-round Whirlpool and AES hashing modes as well. Secondly, we investigate security properties of the reduced-round components of Whirlwind, including semi-free-start and free-start (near) collision attacks on the compression function, and a limited-birthday distinguisher on the inner permutation. As far as we know, our results are currently the best cryptanalysis on Whirlwind.
Author supplied keywords
Cite
CITATION STYLE
Ma, B., Li, B., Hao, R., & Li, X. (2015). Cryptanalysis of reduced-round whirlwind. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9144, pp. 20–38). Springer Verlag. https://doi.org/10.1007/978-3-319-19962-7_2
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
