2015 | OriginalPaper | Chapter
Cryptanalysis of Reduced-Round Whirlwind
Authors: Bingke Ma, Bao Li, Ronglin Hao, Xiaoqian Li
Published in: Information Security and Privacy
Publisher: Springer International Publishing
Abstract

The Whirlwind hash function, which outputs a 512-bit digest, was designed by Barreto et al. and published in Designs, Codes and Cryptography in 2010. In this paper, we provide a thorough cryptanalysis of Whirlwind. Firstly, we focus on security properties at the hash function level by presenting (second) preimage, collision and distinguishing attacks on reduced-round Whirlwind. In order to launch the preimage attack, we have to slightly tweak the original Meet-in-the-Middle preimage attack framework on AES-like compression functions by partially fixing the values of the state. Based on this slightly tweaked framework, we are able to construct several new and interesting preimage attacks on reduced-round Whirlpool and AES hashing modes as well. Secondly, we investigate security properties of the reduced-round components of Whirlwind, including semi-free-start and free-start (near) collision attacks on the compression function, and a limited-birthday distinguisher on the inner permutation. As far as we know, our results are currently the best cryptanalysis of Whirlwind.