A Bit-Slice Implementation of the Whirlpool Hash Function

  • Karl Scheibelhofer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4377)


This work presents a bit-slice implementation of the Whirlpool hash function for 64-bit CPUs, which processes a single input block in one pass. It describes the general approach for developing the formulas and presents the results. This implementation does not need table lookups that depend on the data, which makes it immune against cache timing attacks, e.g. if used in an HMAC. Moreover, it requires 63% less memory (code and data) than the reference implementation of Whirlpool, and the performance of an implementation in C that uses some SSE2 instructions is only about 40% less. Additional improvements seem possible.


Hash Function Block Cipher Compression Function Reference Implementation Round Function 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    ISO/IEC 10118-3:2004: Information technology – Security techniques – Hash-functions – Part 3: Dedicated hash-functions. International Organization for Standardization, Geneva, Switzerland (2004)Google Scholar
  2. 2.
    Barreto, P.S.L.M., Rijmen, V.: The WHIRLPOOL Hashing Function (May 2003)Google Scholar
  3. 3.
    Bernstein, D.J.: Cache-timing attacks on AES (April 2005)Google Scholar
  4. 4.
    Biham, E.: A Fast New DES Implementation in Software. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 260–272. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  5. 5.
    Fog, A.: The microarchitecture of Intel and AMD CPU’s (August 2006)Google Scholar
  6. 6.
    Matsui, M.: How Far Can We Go on the x64 Processors? In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  7. 7.
    May, L., Penna, L., Clark, A.: An implementation of bitsliced des on the pentium mmxtm processor. In: Clark, A., Boyd, C., Dawson, E.P. (eds.) ACISP 2000. LNCS, vol. 1841, pp. 112–122. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  8. 8.
    Pramstaller, N., Rechberger, C., Rijmen, V.: A compact FPGA implementation of the hash function whirlpool. In: Wilton, S.J.E., DeHon, A. (eds.) FPGA, pp. 159–166. ACM, New York (2006)Google Scholar
  9. 9.
    Rudra, A., Dubey, P.K., Jutla, C.S., Kumar, V., Rao, J.R., Rohatgi, P.: Efficient rijndael encryption implementation with composite field arithmetic. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 171–184. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Karl Scheibelhofer
    • 1
  1. 1.Institute for Applied Information Processing and Communications (IAIK)Graz University of TechnologyGrazAustria

Personalised recommendations