WHIRLPOOL

From CryptoDox, The Online Encyclopedia on Cryptography and Information Security

WHIRLPOOL is a cryptographic hash function designed by Vincent Rijmen and Paulo SLM Barreto. The hash has been recommended by the NESSIE project. It has also been adopted by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as part of the joint ISO/IEC 10118-3 international standard.

WHIRLPOOL is a hash designed after the Square block cipher. WHIRLPOOL is a Miyaguchi-Preneel construction based on a substantially modified Advanced Encryption Standard (AES). Given a message less than 2²⁵⁶ bits in length, it returns a 512-bit message digest.

WHIRLPOOL is not patented. It may be used free of charge for any purpose. The reference implementations are in the public domain.

The algorithm is named after the Whirlpool Galaxy in Canes Venatici.

Historically, WHIRLPOOL had three versions. The first version, WHIRLPOOL-0, was submitted to the NESSIE project. Its "tweaked" successor, WHIRLPOOL-T, was selected for the NESSIE portfolio of cryptographic primitives. A flaw in its diffusion layer reported by Shirai and Shibutani ("On the diffusion matrix employed in the Whirlpool hashing function," NESSIE public report, 2003) was fixed afterwards, and the final version (called simply WHIRLPOOL for short) was adopted by the International Organization for Standardization (ISO) in the ISO/IEC 10118-3:2004 standard.

The Miyaguchi-Preneel hashing scheme

WHIRLPOOL uses Merkle-Damgård strengthening and the Miyaguchi-Preneel hashing scheme with a dedicated 512-bit block cipher

Assume we take as hash result the value of any n-bit substring of the full WHIRLPOOL output. The design of WHIRLPOOL sets the following security goals:

The expected workload of generating a collision is of the order of 2n/2 executions of WHIRLPOOL.
Given an n-bit value, the expected workload of finding a message that hashes to that value is of the order of 2n executions of WHIRLPOOL.
Given a message and its n-bit hash result, the expected workload of finding a second message that hashes to the same value is of the order of 2n executions of WHIRLPOOL.
It is infeasible to detect systematic correlations between any linear combination of input bits and any linear combination of bits of the hash result, or to predict what bits of the hash result will change value when certain input bits are flipped (this means resistance against linear and differential attacks).

1 Examples
2 See Also
3 Books of Interest
4 References

Examples

Some example hashes generated by WHIRLPOOL:

WHIRLPOOL0("Hello World!") = d6061a55ffa87abc5454fc9f990eff70accd3ac68caef018582172a2092d72e1
                             84d7afd3425f743901081b9f83dc2cd0fe7e4b6862141bfc170592f51fdb0ccb

WHIRLPOOL1("Hello World!") = 5fa86a0b612a1241db0ee40537e011fb3d845bcec67d230fb417a68506c12497
                             6eb630a8acc14dcd0f60c95fd220f7001c363d9f40647aec1df9a2a0d615bbb1

WHIRLPOOL2("Hello World!") = d4b3ad3619bc70157376c5426b558dbdad30654cf441ab21d7c08e993873256b
                             ecc80f32448d0218d5b1aab30bf4209e20e3928df002d3cbcfbe501a184680a8

Books of Interest

References

Retrieved from "http://www.cryptodox.com/WHIRLPOOL"

Category: Hash Functions

Navigation

WHIRLPOOL

From CryptoDox, The Online Encyclopedia on Cryptography and Information Security

Contents

Examples

See Also

Books of Interest

References