Rebound Distinguishers: Results on the Full Whirlpool Compression Function

Mario Lamberger, Florian Mendel, Christian Rechberger, Vincent Rijmen, Martin Schläffer

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review

Abstract

Whirlpool is a hash function based on a block cipher that can be seen as a scaled up variant of the AES. The main difference is the (compared to AES) extremely conservative key schedule. In this work, we present a distinguishing attack on the full compression function of Whirlpool. We obtain this result by improving the rebound attack on reduced Whirlpool with two new techniques. First, the inbound phase of the rebound attack is extended by up to two rounds using the available degrees of freedom of the key schedule. This results in a near-collision attack on 9.5 rounds of the compression function of Whirlpool with a complexity of 2176 and negligible memory requirements. Second, we show how to turn this near-collision attack into a distinguishing attack for the full 10 round compression function of Whirlpool. This is the first result on the full Whirlpool compression function.
Original languageEnglish
Title of host publicationAdvances in Cryptology - ASIACRYPT 2009
Subtitle of host publication15th International Conference on the Theory and Application of Cryptology and Information Security, Tokyo, Japan, December 6-10, 2009, Proceedings
Place of PublicationBerlin; Heidelberg
PublisherSpringer
Pages126-143
ISBN (Print)978-3-642-10365-0
DOIs
Publication statusPublished - 2009
Event15th International Conference on the Theory and Application of Cryptology and Information Security: ASIACRYPT 2009 - Tokyo, Japan
Duration: 6 Dec 200910 Dec 2009

Publication series

NameLecture Notes in Computer Science
Volume5912

Conference

Conference15th International Conference on the Theory and Application of Cryptology and Information Security
Abbreviated titleASIACRYPT 2009
Country/TerritoryJapan
CityTokyo
Period6/12/0910/12/09

Fields of Expertise

  • Information, Communication & Computing

Fingerprint

Dive into the research topics of 'Rebound Distinguishers: Results on the Full Whirlpool Compression Function'. Together they form a unique fingerprint.
  • EU - ECRYPT II - European network of excellence in cryptology - Phase II

    Schmidt, J., Nad, T., Kirschbaum, M., Feldhofer, M., Schläffer, M., Aigner, M. J., Rechberger, C., Lamberger, M., Tillich, S., Medwed, M., Hutter, M., Rijmen, V., Mendel, F. & Posch, R.

    1/08/0831/01/13

    Project: Research project

  • Cryptography

    Schläffer, M. (Co-Investigator (CoI)), Oswald, M. E. (Co-Investigator (CoI)), Lipp, P. (Co-Investigator (CoI)), Dobraunig, C. E. (Co-Investigator (CoI)), Mendel, F. (Co-Investigator (CoI)), Eichlseder, M. (Co-Investigator (CoI)), Nad, T. (Co-Investigator (CoI)), Posch, R. (Co-Investigator (CoI)), Lamberger, M. (Co-Investigator (CoI)), Rijmen, V. (Co-Investigator (CoI)) & Rechberger, C. (Co-Investigator (CoI))

    1/01/9531/01/19

    Project: Research area

Cite this