International Association for Cryptologic Research


IACR News item: 16 June 2015

Bingke Ma, Bao Li, Ronglin Hao, Xiaoqian Li
ePrint Report
The Whirlwind hash function, which outputs a 512-bit digest, was designed by Barreto et al. and published in Designs, Codes and Cryptography in 2010. In this paper, we provide a thorough cryptanalysis of Whirlwind. Firstly, we focus on security properties at the hash function level by presenting (second) preimage, collision and distinguishing attacks on reduced-round Whirlwind. In order to launch the preimage attack, we have to slightly tweak the original Meet-in-the-Middle preimage attack framework on AES-like compression functions by partially fixing the values of the state. Based on this slightly tweaked framework, we are able to construct several new and interesting preimage attacks on reduced-round Whirlpool and AES hashing modes as well. Secondly, we investigate security properties of the reduced-round components of Whirlwind, including semi-free-start and free-start (near) collision attacks on the compression function, and a limited-birthday distinguisher on the inner permutation. As far as we know, our results are currently the best cryptanalysis of Whirlwind.

