International Association
for Cryptologic Research

This memo collects references to published cryptanalytic results

which are directly relevant to the security evaluation of CAESAR first

round algorithm STRIBOB and its second round tweaked variant, WHIRLBOB.

During the first year after initial publication of STRIBOB and WHIRLBOB,

no cryptanalytic

breaks or other serious issues have emerged. The main difference in

the security between the two variants is that WHIRLBOB allows easier

creation of constant-time software implementations resistant to cache

timing attacks.