Rebound Distinguishers: Results on the Full Whirlpool Compression Function

  • Mario Lamberger
  • Florian Mendel
  • Christian Rechberger
  • Vincent Rijmen
  • Martin Schläffer
Conference paper

DOI: 10.1007/978-3-642-10366-7_8

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5912)
Cite this paper as:
Lamberger M., Mendel F., Rechberger C., Rijmen V., Schläffer M. (2009) Rebound Distinguishers: Results on the Full Whirlpool Compression Function. In: Matsui M. (eds) Advances in Cryptology – ASIACRYPT 2009. ASIACRYPT 2009. Lecture Notes in Computer Science, vol 5912. Springer, Berlin, Heidelberg

Abstract

Whirlpool is a hash function based on a block cipher that can be seen as a scaled up variant of the AES. The main difference is the (compared to AES) extremely conservative key schedule. In this work, we present a distinguishing attack on the full compression function of Whirlpool. We obtain this result by improving the rebound attack on reduced Whirlpool with two new techniques. First, the inbound phase of the rebound attack is extended by up to two rounds using the available degrees of freedom of the key schedule. This results in a near-collision attack on 9.5 rounds of the compression function of Whirlpool with a complexity of 2176 and negligible memory requirements. Second, we show how to turn this near-collision attack into a distinguishing attack for the full 10 round compression function of Whirlpool. This is the first result on the full Whirlpool compression function.

Keywords

hash functions cryptanalysis near-collision distinguisher 
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Mario Lamberger
    • 1
  • Florian Mendel
    • 1
  • Christian Rechberger
    • 1
  • Vincent Rijmen
    • 1
    • 2
    • 3
  • Martin Schläffer
    • 1
  1. 1.Institute for Applied Information Processing and CommunicationsGraz University of TechnologyGrazAustria
  2. 2.Department of Electrical Engineering ESAT/COSICKatholieke Universiteit LeuvenHeverleeBelgium
  3. 3.Interdisciplinary Institute for BroadBand Technology (IBBT)Belgium

Personalised recommendations