Cryptanalysis of Reduced-Round Whirlwind

The Whirlwind hash function, which outputs a 512-bit digest, was designed by Barreto et al. and published in Designs, Codes and Cryptography in 2010. In this paper, we provide a thorough cryptanalysis of Whirlwind. Firstly, we focus on security properties at the hash function level by presenting (second) preimage, collision and distinguishing attacks on reduced-round Whirlwind. In order to launch the preimage attack, we have to slightly tweak the original Meet-in-the-Middle preimage attack framework on AES-like compression functions by partially fixing the values of the state. Based on this slightly tweaked framework, we are able to construct several new and interesting preimage attacks on reduced-round Whirlpool and AES hashing modes as well. Secondly, we investigate security properties of the reduced-round components of Whirlwind, including semi-free-start and free-start (near) collision attacks on the compression function, and a limited-birthday distinguisher on the inner permutatio...
Bingke Ma, Bao Li, Ronglin Hao, Xiaoqian Li
Added 13 Apr 2016
Updated 13 Apr 2016
Type Journal
Year 2015