A Bit-Slice Implementation of the Whirlpool Hash Function
This work presents a bit-slice implementation of the Whirlpool hash function for 64-bit CPUs, which processes a single input block in one pass. It describes the general approach for developing the formulas and presents the results. This implementation does not need table lookups that depend on the data, which makes it immune against cache timing attacks, e.g. if used in an HMAC. Moreover, it requires 63% less memory (code and data) than the reference implementation of Whirlpool, and the performance of an implementation in C that uses some SSE2 instructions is only about 40% less. Additional improvements seem possible.
KeywordsHash Function Block Cipher Compression Function Reference Implementation Round Function
Unable to display preview. Download preview PDF.
- 1.ISO/IEC 10118-3:2004: Information technology – Security techniques – Hash-functions – Part 3: Dedicated hash-functions. International Organization for Standardization, Geneva, Switzerland (2004)Google Scholar
- 2.Barreto, P.S.L.M., Rijmen, V.: The WHIRLPOOL Hashing Function (May 2003)Google Scholar
- 3.Bernstein, D.J.: Cache-timing attacks on AES (April 2005)Google Scholar
- 5.Fog, A.: The microarchitecture of Intel and AMD CPU’s (August 2006)Google Scholar
- 8.Pramstaller, N., Rechberger, C., Rijmen, V.: A compact FPGA implementation of the hash function whirlpool. In: Wilton, S.J.E., DeHon, A. (eds.) FPGA, pp. 159–166. ACM, New York (2006)Google Scholar
- 10.Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)Google Scholar