Abstract
A new cryptographic hash function Whirlwind is presented. We give the full specification and explain the design rationale. We show how the hash function can be implemented efficiently in software and give first performance numbers. A detailed analysis of the security against state-of-the-art cryptanalysis methods is also provided. In comparison to the algorithms submitted to the SHA-3 competition, Whirlwind takes recent developments in cryptanalysis into account by design. Even though software performance is not outstanding, it compares favourably with the 512-bit versions of SHA-3 candidates such as LANE or the original CubeHash proposal and is about on par with ECHO and MD6.
Acknowledgments
We would like to thank the referees for their comments which improved the paper. This work was sponsored by the Research Fund K. U. Leuven, by the IAP Programme P6/26 BCRYPT of the Belgian State (Belgian Science Policy) and by the European Commission through the ICT Programme under Contract ICT-2007-216676 (ECRYPT II). Elmar Tischhauser is a research assistant of the F.W.O., Fund for Scientific Research—Flanders.
Open Access
This article is distributed under the terms of the Creative Commons Attribution Noncommercial License which permits any noncommercial use, distribution, and reproduction in any medium, provided the original author(s) and source are credited.
Additional information
Communicated by L. Storme.
Dedicated to the memory of András Gács (1969–2009).
Cite this article
Barreto, P., Nikov, V., Nikova, S. et al. Whirlwind: a new cryptographic hash function. Des. Codes Cryptogr. 56, 141–162 (2010). https://doi.org/10.1007/s10623-010-9391-y