*00:17*[Pub][ePrint] Lighter, Faster, and Constant-Time: WhirlBob, the Whirlpool variant of StriBob, by Markku-Juhani O. Saarinen

WhirlBob is a new Authenticated Encryption with Associated Data (AEAD)

algorithm derived from the first round CAESAR candidate StriBob

and the Whirlpool hash algorithm. The main advantage of WhirlBob over

StriBob is its greatly reduced implementation footprint on

resource-constrained platforms. Remarkably, the entire C reference

implementation of WhirlBob $\\pi$ fits onto a single page of the Appendix.

On most low-end microcontrollers the total software footprint of

$\\pi$+BLNK = WhirlBob AEAD is less than half a kilobyte. The greatly

reduced hardware gate count is also reflected as efficient bitsliced

straight-line implementations, especially on 64-bit platforms. Bitslicing

works as an efficient countermeasure against AES-style cache timing

side-channel attacks. The new design utilizes only the LPS or $\\rho$

keying line of Whirlpool in a flexible domain-separated Sponge mode BLNK

and adds the number of rounds in $\\pi$ permutation from 10 to 12 as a

countermeasure against Rebound Distinguishing attacks of ASIACRYPT \'09.

As with StriBob, the reduced-size Sponge design has a strong provable

security link with the original hash algorithm. We finally present some

discussion and analysis on differences between Whirlpool, the Russian

GOST Streebog hash, and the recently proposed draft Russian

Encryption Standard Kuznyechik.