Rebound Distinguishers: Results on the Full Whirlpool Compression Function

Authors:
Mario Lamberger;Florian Mendel;Christian Rechberger;Vincent Rijmen;Martin Schläffer
Affiliations:
Institute for Applied Information Processing and Communications, Graz University of Technology, Graz, Austria A---8010;Institute for Applied Information Processing and Communications, Graz University of Technology, Graz, Austria A---8010;Institute for Applied Information Processing and Communications, Graz University of Technology, Graz, Austria A---8010;Institute for Applied Information Processing and Communications, Graz University of Technology, Graz, Austria A---8010 and Department of Electrical Engineering ESAT/COSIC, Katholieke Universiteit ...;Institute for Applied Information Processing and Communications, Graz University of Technology, Graz, Austria A---8010
Venue:
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Year:
2009

Citing 17
Cited 36

Finite fields

Finite fields
Handbook of Applied Cryptography

Handbook of Applied Cryptography
The Design of Rijndael

The Design of Rijndael
Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Differential Cryptanalysis of DES-like Cryptosystems

CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
The Wide Trail Design Strategy

Proceedings of the 8th IMA International Conference on Cryptography and Coding
The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl

Fast Software Encryption
Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher

Selected Areas in Cryptography
Rebound Attack on the Full Lane Compression Function

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Known-key distinguishers for some block ciphers

ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Cryptanalysis of the tiger hash function

ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Cryptanalysis of GRINDAHL

ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Collisions for 70-step SHA-1: on the full cost of collision search

SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Finding SHA-1 characteristics: general results and applications

ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
How to break MD5 and other hash functions

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques

Rebound Attack on the Full Lane Compression Function

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Rebound attack on reduced-round versions of JH

FSE'10 Proceedings of the 17th international conference on Fast software encryption
Super-Sbox cryptanalysis: improved attacks for AES-like permutations

FSE'10 Proceedings of the 17th international conference on Fast software encryption
Improved differential attacks for ECHO and Grøstl

CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Practical rebound attack on 12-round cheetah-256

ICISC'09 Proceedings of the 12th international conference on Information security and cryptology
Cryptography for network security: failures, successes and challenges

MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
Known-key attacks on Rijndael with large blocks and strengthening shiftrow parameter

IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Cryptographic hash functions: theory and practice

ICICS'10 Proceedings of the 12th international conference on Information and communications security
Improved collision attacks on the reduced-round Grøstl hash function

ISC'10 Proceedings of the 13th international conference on Information security
Subspace distinguisher for 5/8 rounds of the ECHO-256 hash function

SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Analysis of reduced-SHAvite-3-256 v2

FSE'11 Proceedings of the 18th international conference on Fast software encryption
Practical near-collisions and collisions on round-reduced ECHO-256 compression function

FSE'11 Proceedings of the 18th international conference on Fast software encryption
Meet-in-the-middle preimage attacks on AES hashing modes and an application to whirlpool

FSE'11 Proceedings of the 18th international conference on Fast software encryption
Known-key distinguishers on 11-round Feistel and collision attacks on its hashing modes

FSE'11 Proceedings of the 18th international conference on Fast software encryption
Practical attacks on the maelstrom-0 compression function

ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
The NIST SHA-3 competition: a perspective on the final year

AFRICACRYPT'11 Proceedings of the 4th international conference on Progress in cryptology in Africa
Hyper-Sbox view of AES-like permutations: a generalized distinguisher

Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
Preimage attacks on step-reduced RIPEMD-128 and RIPEMD-160

Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
How to improve rebound attacks

CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Known and chosen key differential distinguishers for block ciphers

ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
The LED block cipher

CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Experimental verification of super-sbox analysis: confirmation of detailed attack complexity

IWSEC'11 Proceedings of the 6th International conference on Advances in information and computer security
The first 30 years of cryptographic hash functions and the NIST SHA-3 competition

CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Rebound attacks on the reduced grøstl hash function

CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Rebound attack on JH42

ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Biclique cryptanalysis of the full AES

ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Known-Key distinguisher on round-reduced 3d block cipher

WISA'11 Proceedings of the 12th international conference on Information Security Applications
Improved analysis of ECHO-256

SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
SPN-hash: improving the provable resistance against differential collision attacks

AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
Improved known-key distinguishers on Feistel-SP ciphers and application to camellia

ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
Improved rebound attack on the finalist grøstl

FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Unaligned rebound attack: application to keccak

FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Investigating fundamental security requirements on whirlpool: improved preimage and collision attacks

ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Multi-differential cryptanalysis on reduced DM-PRESENT-80: collisions and other differential properties

ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology
The SHA-3 competition: lessons learned

Proceedings of the 6th International Conference on Security of Information and Networks
Internal differential collision attacks on the reduced-round GrØstl-0 hash function

Designs, Codes and Cryptography

Quantified Score

Hi-index	0.01

Visualization

Abstract

Whirlpool is a hash function based on a block cipher that can be seen as a scaled up variant of the AES. The main difference is the (compared to AES) extremely conservative key schedule. In this work, we present a distinguishing attack on the full compression function of Whirlpool. We obtain this result by improving the rebound attack on reduced Whirlpool with two new techniques. First, the inbound phase of the rebound attack is extended by up to two rounds using the available degrees of freedom of the key schedule. This results in a near-collision attack on 9.5 rounds of the compression function of Whirlpool with a complexity of 2176 and negligible memory requirements. Second, we show how to turn this near-collision attack into a distinguishing attack for the full 10 round compression function of Whirlpool. This is the first result on the full Whirlpool compression function.