Rebound distinguishers: Results on the full Whirlpool compression function

Abstract

Whirlpool is a hash function based on a block cipher that can be seen as a scaled up variant of the AES. The main difference is the (compared to AES) extremely conservative key schedule. In this work, we present a distinguishing attack on the full compression function of Whirlpool. We obtain this result by improving the rebound attack on reduced Whirlpool with two new techniques. First, the inbound phase of the rebound attack is extended by up to two rounds using the available degrees of freedom of the key schedule. This results in a near-collision attack on 9.5 rounds of the compression function of Whirlpool with a complexity of $2^{176}$ and negligible memory requirements. Second, we show how to turn this near-collision attack into a distinguishing attack for the full 10 round compression function of Whirlpool. This is the first result on the full Whirlpool compression function. © 2009 Springer-Verlag.

Lamberger, M., Mendel, F., Rechberger, C., Rijmen, V., & Schläffer, M. (2009). Rebound distinguishers: Results on the full Whirlpool compression function. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5912 LNCS, pp. 126–143). https://doi.org/10.1007/978-3-642-10366-7_8
