Second Preimage Analysis of Whirlwind [chapter]

Riham AlTawy, Amr M. Youssef
2015 Lecture Notes in Computer Science  
Whirlwind is a keyless AES-like hash function that adopts the Sponge model. According to its designers, the function is designed to resist most of the recent cryptanalytic attacks. In this paper, we evaluate the second preimage resistance of the Whirlwind hash function. More precisely, we apply a meet in the middle preimage attack on the compression function which allows us to obtain a 5-round pseudo preimage for a given compression function output with time complexity of 2 385 and memory
more » ... xity of 2 128 . We also employ a guess and determine approach to extend the attack to 6 rounds with time and memory complexities of 2 496 and 2 112 , respectively. Finally, by adopting another meet in the middle attack, we are able to generate n-block message second preimages of the 5 and 6-round reduced hash function with time complexity of 2 449 and 2 505 and memory complexity of 2 128 and 2 112 , respectively.
doi:10.1007/978-3-319-16745-9_17 fatcat:usi7fzjqebg5bfx36di6xvwe5u