Article
DOI: 10.1007/978-3-642-10366-7_8

Rebound Distinguishers: Results on the Full Whirlpool Compression Function

Published: 02 December 2009

Abstract

Whirlpool is a hash function based on a block cipher that can be seen as a scaled-up variant of the AES. The main difference is its key schedule, which is extremely conservative compared to that of the AES. In this work, we present a distinguishing attack on the full compression function of Whirlpool. We obtain this result by improving the rebound attack on reduced Whirlpool with two new techniques. First, the inbound phase of the rebound attack is extended by up to two rounds using the available degrees of freedom of the key schedule. This results in a near-collision attack on 9.5 rounds of the compression function of Whirlpool with a complexity of 2^176 and negligible memory requirements. Second, we show how to turn this near-collision attack into a distinguishing attack for the full 10-round compression function of Whirlpool. This is the first result on the full Whirlpool compression function.


Published In

Guide Proceedings
ASIACRYPT '09: Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
December 2009
720 pages
ISBN: 9783642103650
Editor: Mitsuru Matsui

Publisher

Springer-Verlag, Berlin, Heidelberg

Author Tags

  1. cryptanalysis
  2. distinguisher
  3. hash functions
  4. near-collision

Cited By

  • (2024) Collision Attacks on Hashing Modes of Areion. Cryptology and Network Security, pp. 265-285. DOI: 10.1007/978-981-97-8016-7_12. Online publication date: 24-Sep-2024
  • (2024) Diving Deep into the Preimage Security of AES-Like Hashing. Advances in Cryptology – EUROCRYPT 2024, pp. 398-426. DOI: 10.1007/978-3-031-58716-0_14. Online publication date: 26-May-2024
  • (2023) Horst Meets Fluid-SPN: Griffin for Zero-Knowledge Applications. Advances in Cryptology – CRYPTO 2023, pp. 573-606. DOI: 10.1007/978-3-031-38548-3_19. Online publication date: 20-Aug-2023
  • (2022) Chaghri - A FHE-friendly Block Cipher. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 139-150. DOI: 10.1145/3548606.3559364. Online publication date: 7-Nov-2022
  • (2022) Rebound Attacks on Hashing with Automatic Tools. Network and System Security, pp. 649-666. DOI: 10.1007/978-3-031-23020-2_37. Online publication date: 9-Dec-2022
  • (2022) Triangulating Rebound Attack on AES-like Hashing. Advances in Cryptology – CRYPTO 2022, pp. 94-124. DOI: 10.1007/978-3-031-15802-5_4. Online publication date: 15-Aug-2022
  • (2022) Superposition Meet-in-the-Middle Attacks: Updates on Fundamental Security of AES-like Hashing. Advances in Cryptology – CRYPTO 2022, pp. 64-93. DOI: 10.1007/978-3-031-15802-5_3. Online publication date: 15-Aug-2022
  • (2021) Automatic Classical and Quantum Rebound Attacks on AES-Like Hashing by Exploiting Related-Key Differentials. Advances in Cryptology – ASIACRYPT 2021, pp. 241-271. DOI: 10.1007/978-3-030-92062-3_9. Online publication date: 6-Dec-2021
  • (2021) Meet-in-the-Middle Attacks Revisited: Key-Recovery, Collision, and Preimage Attacks. Advances in Cryptology – CRYPTO 2021, pp. 278-308. DOI: 10.1007/978-3-030-84252-9_10. Online publication date: 16-Aug-2021
  • (2021) Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2. Advances in Cryptology – EUROCRYPT 2021, pp. 155-183. DOI: 10.1007/978-3-030-77886-6_6. Online publication date: 17-Oct-2021
