Whirlwind: a new cryptographic hash function. (English) Zbl 1256.94042

Summary: A new cryptographic hash function, Whirlwind, is presented. We give a full specification and explain the design rationale. We show how the hash function can be implemented efficiently in software and give first performance numbers. A detailed analysis of the security against state-of-the-art cryptanalysis methods is also provided. In comparison to the algorithms submitted to the SHA-3 competition, Whirlwind takes recent developments in cryptanalysis into account by design. Even though software performance is not outstanding, it compares favourably with the 512-bit versions of SHA-3 candidates such as LANE or the original CubeHash proposal and is about on par with ECHO and MD6.


94A60 Cryptography
11T71 Algebraic coding theory; cryptography (number-theoretic aspects)
12E30 Field arithmetic
Full Text: DOI


[1] Barreto P., Rijmen V.: The Anubis block cipher. First open NESSIE Workshop, Leuven, November 13–14 (2000).
[2] Barreto P., Rijmen V.: The Whirlpool hashing function. First open NESSIE Workshop, Leuven, November 13–14 (2000).
[3] Benadjila R., Billet O., Gilbert H., Macario-Rat G., Peyrin T., Robshaw M., Seurin Y.: SHA-3 Proposal: ECHO. Submitted to NIST (2008).
[4] Bernstein D.J.: CubeHash Specification. Submitted to NIST (2008).
[5] Bertoni G., Daemen J., Peeters M., Van Assche G.: On the Indifferentiability of the Sponge Construction. EUROCRYPT, LNCS, vol. 4965, pp. 181–197 (2008). · Zbl 1149.94304
[6] Biham E., Dunkelman O.: The SHAvite-3 Hash Function. Submitted to NIST (2008).
[7] Biryukov A.: Design of a New Stream Cipher–LEX. New Stream Cipher Designs, LNCS, vol. 4986, pp. 48–56 (2008).
[8] Contini S., Lenstra A.K., Steinfeld R.: VSH, an Efficient and Provable Collision-Resistant Hash Function. EUROCRYPT, LNCS, vol. 4004, pp. 165–182 (2006). · Zbl 1140.94331
[9] Daemen J., Rijmen V.: The Design of Rijndael: AES–The Advanced Encryption Standard. Springer (2002). · Zbl 1065.94005
[10] Daemen J., Rijmen V.: Plateau characteristics and AES. IET Inf. Secur. 1(1), March 2007, 11–17.
[11] Daemen J., Rijmen V.: New criteria for linear maps in AES-like ciphers. Cryptography and Communications Discrete Structures, Boolean Functions and Sequences, vol. 1, no. 1. Springer, pp. 47–69 (2009). · Zbl 1178.94184
[12] Gauravaram P., Knudsen L.R., Matusiewicz K., Mendel F. Rechberger C., Schläffer M., Thomsen S.S.: Grøstl–a SHA-3 Candidate. Submitted to NIST (2008).
[13] Hilewitz Y., Yin Y., Lee R.: Accelerating the Whirlpool Hash Function Using Parallel Table Lookup and Fast Cyclical Permutation. FSE, LNCS, vol. 5086, pp. 173–188 (2008). · Zbl 1154.68393
[14] Ideguchi K., Owada T., Yoshida H.: A Study on RAM Requirements of Various SHA-3 Candidates on Low-cost 8-bit CPUs. May 2009. http://www.sdl.hitachi.co.jp/crypto/lesamnta/A_Study_on_RAM_Requirements.pdf .
[15] IEEE 1363 draft 13: Standard Specifications for Public Key Cryptography, November 1999. http://grouper.ieee.org/groups/1363/ .
[16] Indesteege S.: The LANE Hash Function. Submitted to NIST (2008). · Zbl 1182.94041
[17] Käsper E., Schwabe P.: Faster and Timing-Attack Resistant AES-GCM. CHES, LNCS, vol. 5747, pp. 1–17 (2009). · Zbl 1290.94102
[18] Lamberger M., Mendel F., Rechberger C., Rijmen V., Schläffer M.: Rebound Distinguishers: Results on the Full Whirlpool Compression Function. ASIACRYPT, LNCS, vol. 5912, pp. 126–143 (2009). · Zbl 1267.94079
[19] Lidl R., Niederreiter H.: Introduction to Finite Fields and Their Applications. Cambridge University Press, London (1986) · Zbl 0629.12016
[20] Matusiewicz K., Naya-Plasencia M., Nikolic I., Sasaki Y., Schläffer M.: Rebound Attack on the Full LANE Compression Function. ASIACRYPT, LNCS, vol. 5912, pp. 106–125 (2009). · Zbl 1267.94083
[21] Mendel F., Rechberger C., Schläffer M., Thomsen S.: The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl. FSE, LNCS, vol. 5665, pp. 260–276 (2009). · Zbl 1291.94130
[22] Mullin R., Onyszchuk L., Vanstone S., Wilson R.: Optimal Normal Bases in GF(p n ). Discr. Appl. Math. 22(2), 149–161 (1989) · Zbl 0661.12007
[23] Nakajima J., Matsui M.: Performance Analysis and Parallel Implementation of Dedicated Hash Functions. EUROCRYPT, LNCS, vol. 2332, pp. 165–180 (2002). · Zbl 1055.68542
[24] Nikova S., Rijmen V., Schläffer M.: Using Normal Bases for Compact Hardware Implementations of the AES S-Box. SCN, LNCS, vol. 5229, pp. 236–245 (2008). · Zbl 1180.68154
[25] Nyberg K.: Differentially uniform mappings for cryptography. EUROCRYPT, LNCS, vol. 765, pp. 55–64 (1992). · Zbl 0951.94510
[26] Paar C.: Efficient VLSI Architectres for Bit-Parallel Computations in Galois Fields. Ph.D. thesis, University of Essen (1994).
[27] Perlis S.: Normal bases of cyclic fields of prime-power degree. Duke Math. J. 9(3), 507–517 (1942) · Zbl 0063.06163
[28] Rivest R.L.: The MD6 Hash Function–A Proposal to NIST for SHA-3. Submitted to NIST (2008).
[29] Saarinen M.-J.O.: Security of VSH in the Real World. INDOCRYPT, LNCS, vol. 4329, pp. 95–103 (2006). · Zbl 1175.94098
[30] Vaudenay S.: Hidden Collisions on DSS. CRYPTO, LNCS, vol. 1109 pp. 83–88 (1996). · Zbl 1329.94080
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. It attempts to reflect the references listed in the original paper as accurately as possible without claiming the completeness or perfect precision of the matching.