The Whirlwind hash function, which outputs a 512-bit digest, was designed by Barreto et al. and published in Designs, Codes and Cryptography in 2010. In this paper, we provide a thorough cryptanalysis of Whirlwind. First, we focus on security properties at the hash function level by presenting (second) preimage, collision and distinguishing attacks on reduced-round Whirlwind. In order to launch the preimage attack, we have to slightly tweak the original Meet-in-the-Middle preimage attack framework on AES-like compression functions by partially fixing the values of the state. Based on this slightly tweaked framework, we are also able to construct several new and interesting preimage attacks on reduced-round Whirlpool and on AES hashing modes. Second, we investigate security properties of the reduced-round components of Whirlwind, including semi-free-start and free-start (near-)collision attacks on the compression function, and a limited-birthday distinguisher on the inner permutation. As far as we know, our results are currently the best cryptanalysis of Whirlwind.
Ma, B., Li, B., Hao, R., & Li, X. (2015). Cryptanalysis of reduced-round whirlwind. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9144, pp. 20–38). Springer Verlag. https://doi.org/10.1007/978-3-319-19962-7_2