2001, World Wide Web - WWW
We present Whirlpool, a 512-bit hash function operating on messages less than 2^256 bits in length. The function structure is designed according to the Wide Trail strategy and permits a wide variety of implementation tradeoffs.
Designs, Codes and Cryptography, 2010
A new cryptographic hash function Whirlwind is presented. We give the full specification and explain the design rationale. We show how the hash function can be implemented efficiently in software and give first performance numbers. A detailed analysis of the security against state-of-the-art cryptanalysis methods is also provided. In comparison to the algorithms submitted to the SHA-3 competition, Whirlwind takes recent developments in cryptanalysis into account by design. Even though software performance is not outstanding, it compares favourably with the 512-bit versions of SHA-3 candidates such as LANE or the original CubeHash proposal and is about on par with ECHO and MD6.
Lecture Notes in Computer Science, 2014
In this paper, we propose a new lightweight hash function supporting three different digest sizes: 80, 96 and 128 bits, providing preimage security from 64 to 120 bits, second preimage and collision security from 40 to 60 bits. LHash requires about 817 GE and 1028 GE with a serialized implementation. In faster implementations based on function T , LHash requires 989 GE and 1200 GE with 54 and 72 cycles per block, respectively. Furthermore, its energy consumption evaluated by energy per bit is also remarkable. LHash allows to make trade-offs among security, speed, energy consumption and implementation costs by adjusting parameters. The design of LHash employs a kind of Feistel-PG structure in the internal permutation, and this structure can utilize permutation layers on nibbles to improve the diffusion speed. The adaptability of LHash in different environments is good, since different versions of LHash share the same basic computing module. The low-area implementation comes from the hardware-friendly Sbox and linear diffusion layer. We evaluate the resistance of LHash against known attacks and confirm that LHash provides a good security margin.
International Journal of Applied Cryptography, 2010
In this paper we present TWISTER π, a framework for hash functions. It is an improved version of TWISTER, a candidate of the NIST SHA-3 hash function competition. TWISTER π is built upon the ideas of wide pipe and sponge functions. The core of this framework is a (very easy to analyse) Twister-Round providing both extremely fast diffusion as well as collision-freeness for one internal Twister-Round. The total security level is claimed to be not below 2^(n/2) for collision attacks and 2^n for (2nd) pre-image attacks. TWISTER π instantiations are secure against all known generic attacks. We also propose two instances TWISTER π-n for hash output sizes n = 256 and n = 512. These instantiations are highly optimised for 64-bit architectures and run very fast in hardware and software, e.g. TWISTER π-256 is faster than SHA2-256 on 64-bit platforms and TWISTER π-512 is faster than SHA2-512 on 32-bit platforms. Furthermore, TWISTER π scales very well on low-end platforms.
2004
New encryption algorithms have to operate in a variety of current and future applications demanding both high speed and high security. An architecture and VLSI implementation of the newest standard in the hash families, Whirlpool, that achieves high-speed performance is presented. The architecture permits a wide variety of implementation tradeoffs. The design was coded using the VHDL language, and for the hardware implementation an FPGA device was used.
2008
Hash functions are a very important cryptographic primitive. The collision resistance of provable hash functions relies on hard mathematical problems. This makes them very appealing for the cryptographic community since collision resistance is by far the most important property that a hash function should satisfy. However, provable hash functions tend to be slower than specially-designed hash functions like SHA, and their algebraic structure often implies homomorphic properties and weak behaviors on particular inputs. We introduce the ZesT hash function, a provable hash function that is based on the Zémor-Tillich hash function. ZesT is provably collision and preimage resistant if the balance problem corresponding to Zémor-Tillich is hard, a problem that has remained unbroken since CRYPTO'94. The function admits an ultra-lightweight implementation in ASIC and it is currently between 2 to 3 times less efficient than SHA on FPGA, and between 4 to 10 times slower than SHA in software. The function has structural parallelism, and its simplicity will certainly allow a much wider range of implementations and many code optimization techniques. A careful examination and pseudorandom tests performed with the Dieharder revealed no apparent malleability weakness, which suggests that the function can be used as a general-purpose hash function. Finally, ZesT can be slightly modified to reach all the requirements of the NIST competition. We stress that the hardness of the balance problem corresponding to Zémor-Tillich should be further studied and better established by the cryptography community. In that case, our function ZesT will definitely become a very appealing all-purpose hash function. Research Fellow of the Belgian Fund for Scientific Research (F.R.S.-FNRS) at Université catholique de Louvain (UCL). A member of BCRYPT network.
2008
This paper advocates a new hash function family based on the HAIFA framework, inheriting built-in randomized hashing and higher security guarantees than the Merkle-Damgård construction against generic attacks. The family has as its special design features a nested feedforward mechanism and an internal wide-pipe construction within the compression function. As examples, we give two proposed instances that compute 256- and 512-bit digests, with an 8- and 10-round compression function respectively.
2007
Hash functions were introduced in cryptology as a tool to protect the authenticity of information. SHA-1, MD5, and RIPEMD are among the most commonly used hash function message digest algorithms. Scientists have now found weaknesses in a number of hash functions, including MD5, SHA and RIPEMD, so the purpose of this paper is to combine some functions to reinforce them. Recent works have presented collision attacks on the SHA-1 and MD5 hash functions, so the natural response to overcome this threat was assessing the weak points of the protocols that actually depend on collision resistance for their security, and potentially scheduling an upgrade to a stronger hash function. Other options involve altering the protocol in some way. This work suggests a different option. We present several simple message pre-processing techniques and show how the techniques can be combined with MD5 or SHA-1 so that applications are no longer vulnerable to the known collision attacks.
Software: Practice and Experience, 2016
Random hashing can provide guarantees regarding the performance of data structures such as hash tables, even in an adversarial setting. Many existing families of hash functions are universal: given two data objects, the probability that they have the same hash value is low given that we pick hash functions at random. However, universality fails to ensure that all hash functions are well behaved. We might further require regularity: when picking data objects at random they should have a low probability of having the same hash value, for any fixed hash function. We present the efficient implementation of a family of non-cryptographic hash functions (PM+) offering good running times, good memory usage as well as distinguishing theoretical guarantees: almost universality and component-wise regularity. On a variety of platforms, our implementations are comparable to the state of the art in performance. On recent Intel processors, PM+ achieves a speed of 4.7 bytes per cycle for 32-bit outputs and 3.3 bytes per cycle for 64-bit outputs. We review vectorization through SIMD instructions (e.g., AVX2) and optimizations for superscalar execution.
2010
Recent cryptanalytic attacks have exposed the vulnerabilities of some widely used cryptographic hash functions like MD5 and SHA-1. Attacks in the line of differential attacks have been used to expose the weaknesses of several other hash functions like RIPEMD, HAVAL. In this paper we propose a new efficient hash algorithm that provides a near random hash output and overcomes some of the earlier weaknesses. Extensive simulations and comparisons with some existing hash functions have been done to prove the effectiveness of the BSA, which is an acronym for the name of the 3 authors.
This paper proposes spongent, a family of lightweight hash functions with hash sizes of 88 (for preimage resistance only), 128, 160, 224, and 256 bits based on a sponge construction instantiated with a present-type permutation, following the hermetic sponge strategy. Its smallest implementations in ASIC require 738, 1060, 1329, 1728, and 1950 GE, respectively. To our best knowledge, at all security levels attained, it is the hash function with the smallest footprint in hardware published so far, the parameter being highly technology dependent. spongent offers a lot of flexibility in terms of serialization degree and speed. We explore some of its numerous implementation trade-offs. We furthermore present a security analysis of spongent. Basing the design on a present-type primitive provides confidence in its security with respect to the most important attacks. Several dedicated attack approaches are also investigated.
2008
This paper presents an improved hardware structure for the computation of the Whirlpool hash function. By merging the round key computation with the data compression and by using embedded memories to perform part of the Galois Field (2^8) multiplication, a core can be implemented in just 43% of the area of the best current related art while achieving a 12% higher throughput. The proposed core improves the Throughput per Slice compared to the state of the art by 160%, achieving a throughput of 5.47 Gbit/s with 2110 slices and 32 BRAMs on a VIRTEX II Pro FPGA. Results for a real application are also presented by considering a polymorphic computational approach.
IACR Cryptology ePrint Archive, 2014
We describe Fugue, a hash function supporting inputs of length up to 2^64 - 1 bits and hash outputs of length up to 512 bits. Notably, Fugue is not based on a compression function. Rather, it is directly a hash function that supports variable-length input. The starting point for Fugue is the hash function Grindahl, but it extends that design to protect against the kinds of attacks that were developed for Grindahl, as well as earlier hash functions like SHA-1. A key enhancement is the design of a much stronger round function which replaces the AES round function of Grindahl, using better codes (over longer words) than the AES 4 × 4 MDS matrix. Also, Fugue makes judicious use of this new round function on a much larger internal state. The design of Fugue is proof-oriented: the various components are designed in such a way as to allow proofs of security. As a result, we can prove that current attack methods cannot find collisions in Fugue any faster than the trivial birthday attack. Although the proof is computer assisted, the assistance is limited to computing ranks of various matrices.
Proceedings of the 2nd International Conference on Pervasive Embedded Computing and Communication Systems, 2012
Paper presents a family of parameterized hash functions allowing for flexibility between security and performance. The family consists of three basic hash functions: HaF-256, HaF-512 and HaF-1024 with message digests equal to 256, 512 and 1024 bits, respectively. Details of functions' structure are presented. Method for obtaining function's S-box is described along with the rationale behind it. Security considerations are discussed.
Message Integrity and authenticity are the primary aim with the ever increasing network protocols' speed. Cryptographic Hash Functions are main building block of message integrity. Many types of hash functions are being used and developed. In this paper, we propose and describe a new keyed hash function. This newly designed function produces a hash code of 128 bits for an arbitrary length input. The function also uses a key during hashing, so any intruder that does not know key, cannot forge the hash code, and, thus it fulfills the purpose of security, authentication and integrity for a message in network. The paper discusses the algorithm for the function design, its security aspects and implementation details.
2002
This report gives a survey on cryptographic hash functions. It gives an overview of different types of hash functions and reviews design principles. It also focuses on keyed hash functions and suggests some applications and constructions of keyed hash functions. We have used a keyed hash function for authenticating messages encrypted using the Rijndael [1] block cipher. Moreover, a parallel message digest has been implemented using VHDL.
2006
We introduce VSH, very smooth hash, a new S-bit hash function that is provably collision-resistant assuming the hardness of finding nontrivial modular square roots of very smooth numbers modulo an S-bit composite. By very smooth, we mean that the smoothness bound is some fixed polynomial function of S. We argue that finding collisions for VSH has the same asymptotic complexity as factoring using the Number Field Sieve factoring algorithm, i.e., subexponential in S. VSH is theoretically pleasing because it requires just a single multiplication modulo the S-bit composite per Ω(S) message-bits (as opposed to O(logS) message-bits for previous provably secure hashes). It is relatively practical. A preliminary implementation on a 1GHz Pentium III processor that achieves collision resistance at least equivalent to the difficulty of factoring a 1024-bit RSA modulus, runs at 1.1 MegaByte per second, with a moderate slowdown to 0.7MB/s for 2048-bit RSA security. VSH can be used to build a fast, provably secure randomised trapdoor hash function, which can be applied to speed up provably secure signature schemes (such as Cramer-Shoup) and designated-verifier signatures.
2007
A function that compresses an arbitrarily large message into a fixed small size ‘message digest’ is known as a hash function. For the last two decades, many types of hash functions have been defined, but the most widely used in many of the cryptographic applications currently are hash functions based on block ciphers and the dedicated hash functions. Almost all the dedicated hash functions are generated using the Merkle-Damgard construction, which was developed independently by Merkle and Damgard in 1989 [6, 7]. A hash function is said to be broken if an attacker is able to show that the design of the hash function violates at least one of its claimed security properties. There are various types of attacking strategies found on hash functions, such as attacks based on the block ciphers, attacks depending on the algorithm, attacks independent of the algorithm, attacks based on signature schemes, and high level attacks. Besides this, in recent years, many structural weaknesses have been f...
IJCSNS, 2007
There are various cryptographic protocols in which a 160-bit message digest is required. SHA-1 is the most well-known 160-bit hash function, which is still used in protocols despite its vulnerabilities against collision attacks. The lack of 160-bit hash function structures and the disadvantages of truncating outputs of other secure hash functions (security problems and inefficiency) motivated us to introduce a new 160-bit hash function. In this paper, we describe our new software-efficient hash function FORK-160. As the name suggests, this function uses basic design principles from the recently proposed hash function FORK-256. However, FORK-160 aims at improving FORK-256 both on security and efficiency. Most notably, FORK-160 uses a more secure step function, reasonable message ordering and additive constants, which make it resistant against existing cryptanalysis, especially local collision attacks.
It has always been a challenge to send information from one person to another through the internet safely. Advances in technology make it possible for a hacker to intercept such messages, manipulate them and then resend them. Another bad use of technology is seen when a hacker illegally gains access into an access-controlled system and causes havoc. Mostly, he will either steal the credentials (username, password, etc.) of a user of the system or predict such credentials by exploiting the weakness in technology. There is also the issue of two people both claiming single ownership of an invention. One-way cryptographic hash functions can be used to curb these problems. Researchers have however revealed serious security flaws in the existing hash functions such as SHA512, MD5, RIPEMD160, and HAVAL128 etc. This research proposes a novel approach to constructing one-way cryptographic hash functions by using a more complex message padding procedure whereby characters in the message, as well as characters in the reversed message, are appended to the message. This results in a secure digest. The proposed hash function produces a digest of length 1024 bits, which makes it currently impossible to find a collision. The proposed hash function also makes extensive use of the bitwise operator, exclusive-or. This operator has a 50% chance of flipping every input bit. The more it is used in the calculation of the digest, the more secure the digest will be.