Investigating fundamental security requirements on whirlpool: improved preimage and collision attacks

Authors:
Yu Sasaki;Lei Wang;Shuang Wu;Wenling Wu
Affiliations:
NTT Corporation, Japan;The University of Electro-Communications, Japan, Nanyang Technological University, Singapore;Institute of Software, Chinese Academy of Sciences, China;Institute of Software, Chinese Academy of Sciences, China
Venue:
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Year:
2012

Citing 24
Cited 0

Handbook of Applied Cryptography

Handbook of Applied Cryptography
A Switching Closure Test to Analyze Cryptosystems

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Finding Preimages in Full MD5 Faster Than Exhaustive Search

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl

Fast Software Encryption
Meet-in-the-Middle Preimage Attacks Against Reduced SHA-0 and SHA-1

CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Distinguisher and Related-Key Attack on the Full AES-256

CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Preimage Attacks on One-Block MD4, 63-Step MD5 and More

Selected Areas in Cryptography
Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher

Selected Areas in Cryptography
Rebound Attack on the Full Lane Compression Function

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Rebound Distinguishers: Results on the Full Whirlpool Compression Function

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Super-Sbox cryptanalysis: improved attacks for AES-like permutations

FSE'10 Proceedings of the 17th international conference on Fast software encryption
Improved differential attacks for ECHO and Grøstl

CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Practical rebound attack on 12-round cheetah-256

ICISC'09 Proceedings of the 12th international conference on Information security and cryptology
Practical near-collisions and collisions on round-reduced ECHO-256 compression function

FSE'11 Proceedings of the 18th international conference on Fast software encryption
Meet-in-the-middle preimage attacks on AES hashing modes and an application to whirlpool

FSE'11 Proceedings of the 18th international conference on Fast software encryption
Hyper-Sbox view of AES-like permutations: a generalized distinguisher

Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
How to improve rebound attacks

CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Second preimages on n-bit hash functions for much less than 2n work

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Rebound attacks on the reduced grøstl hash function

CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Biclique cryptanalysis of the full AES

ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Improved rebound attack on the finalist grøstl

FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
(Pseudo) preimage attack on round-reduced grøstl hash function and others

FSE'12 Proceedings of the 19th international conference on Fast Software Encryption

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, improved cryptanalyses for the ISO standard hash function Whirlpool are presented with respect to the fundamental security notions. While a subspace distinguisher was presented on full version (10 rounds) of the compression function, its impact to the security of the hash function seems limited. In this paper, we discuss the (second) preimage and collision attacks for the hash function and the compression function of Whirlpool. Regarding the preimage attack, 6 rounds of the hash function are attacked with 2481 computations while the previous best attack is for 5 rounds with 2481.5 computations. Regarding the collision attack, 8 rounds of the compression function are attacked with 2120 computations, while the previous best attack is for 7 rounds with 2184 computations. To verify the correctness, especially for the rebound attack on the Sbox with an unbalanced Differential Distribution Table (DDT), the attack is partially implemented, and the differences from attacking the Sbox with balanced DDT are reported.