WHIRLPOOL Hash Function - By Fernando Axel Ellis Robert Daniel Zayas

Page created by Brian Osborne
 
WHIRLPOOL Hash Function

             By
     Fernando Axel Ellis
     Robert Daniel Zayas
Origins of Whirlpool
• Created by Vincent Rijmen and Paulo S. L. M.
  Barreto
• Hashes plaintext messages of length up to 2^256 bits
• Result is a 512-bit message digest
• Three versions have been released
  – WHIRLPOOL-0
  – WHIRLPOOL-T
  – WHIRLPOOL
Structure of WHIRLPOOL
• Merkle-Damgård strengthening
• Miyaguchi-Preneel hashing scheme
• “W” is a 512-bit block cipher
• “m” is the plaintext, split into 512-bit blocks
• “H” is the blocks formed from the hashes
W Explained
• The block cipher W is the core element of the
  Whirlpool hash function
• It is comprised of 4 steps.
  – Add Round Key
  – Shift Columns
  – Mix Rows
  – Substitute bytes
Add Round Key
• During the Add Round Key step, the message
  is XOR’d with the key
• If this is the first message block being run
  through, the key is a block of all zeros
• If this is any block except the first, the key is
  the digest of the previous block
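The chaining described on the Structure and Add Round Key slides, as an added example that is not code from the original project: Merkle-Damgård strengthening followed by the Miyaguchi-Preneel update, with an all-zero key for the first block. The names `md_pad`, `standin_w` and `miyaguchi_preneel` are hypothetical, and `standin_w` is an assumed placeholder for W, so the outputs are not real Whirlpool digests.

```python
import hashlib

BLOCK = 64  # 512-bit block size, in bytes


def md_pad(message: bytes) -> bytes:
    """Merkle-Damgard strengthening as Whirlpool applies it: a single 1 bit,
    zero bits up to an odd multiple of 256 bits, then the message bit length
    as a 256-bit big-endian integer."""
    padded = message + b"\x80"
    padded += b"\x00" * ((32 - len(padded)) % BLOCK)
    return padded + (8 * len(message)).to_bytes(32, "big")


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def standin_w(key: bytes, block: bytes) -> bytes:
    """ASSUMPTION: placeholder for the block cipher W. SHA-512 over
    key || block only supplies a keyed 64-byte to 64-byte map so that the
    chaining can run; it is not W."""
    return hashlib.sha512(key + block).digest()


def miyaguchi_preneel(message: bytes, cipher=standin_w) -> bytes:
    h = bytes(BLOCK)  # H_0: all-zero key for the first message block
    padded = md_pad(message)
    for i in range(0, len(padded), BLOCK):
        m = padded[i:i + BLOCK]
        # H_i = W[H_{i-1}](m_i) XOR H_{i-1} XOR m_i
        h = xor(xor(cipher(h, m), h), m)
    return h


if __name__ == "__main__":
    # Constructed inputs: the second message ends with the byte the padding
    # would add to the first, so only the length field tells them apart.
    for msg in (b"abc", b"abc\x80"):
        print(len(md_pad(msg)), miyaguchi_preneel(msg).hex()[:32])
```
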
Shift Columns
• Going from left to right, each column is rotated
  downward (top to bottom) by a number of bytes
  equal to its column number, so column 0 stays in
  place
  – Ex:
     • [0,0][0,1][0,2]         [0,0][2,1][1,2]
     • [1,0][1,1][1,2] ------> [1,0][0,1][2,2]
     • [2,0][2,1][2,2]         [2,0][1,1][0,2]
Mix Rows
• Each row is rotated horizontally by a number of
  bytes equal to its row number. This is similar to
  the Shift Columns function, but the rotation runs
  left to right
  – Ex:
     • [0,0][0,1][0,2]         [0,0][0,1][0,2]
     • [1,0][1,1][1,2] ------> [1,2][1,0][1,1]
     • [2,0][2,1][2,2]         [2,1][2,2][2,0]
Substitute bytes

• Each byte in the message is passed through a
  set of s-boxes

• The output of this is then set to be the key for
  the next round
The internal cipher “W”
Similarities between RIJNDAEL and W
Table 1: Differences between RIJNDAEL and W
                               RIJNDAEL                                                W
Block size (bits)              128, 160, 192, 224, or 256                              always 512
Number of rounds               10, 11, 12, 13, or 14                                   always 10
Key schedule                   dedicated a priori algorithm                            the round function itself
GF(2^8) reduction polynomial   x^8 + x^4 + x^3 + x + 1 (0x11B)                         x^8 + x^4 + x^3 + x^2 + 1 (0x11D)
Origin of the S-box            mapping u → u^-1 over GF(2^8), plus affine transform    recursive structure (see below)
Origin of the round constants  polynomials x^i over GF(2^8)                            successive entries of the S-box
Diffusion layer                left-multiplication by the 4×4 circulant MDS matrix     right-multiplication by the 8×8 circulant MDS matrix
                               cir(2, 3, 1, 1)                                         cir(1, 1, 4, 1, 8, 5, 2, 9)
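The GF(2^8) reduction polynomial and diffusion layer rows of Table 1, worked through as an added example (not code from the original project). The function names are hypothetical, and the circulant convention used (row i is the first row rotated right by i positions) is stated here as an assumption.

```python
W_POLY = 0x11D         # x^8 + x^4 + x^3 + x^2 + 1, the W column of Table 1
RIJNDAEL_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the RIJNDAEL column
C_ROW = (1, 1, 4, 1, 8, 5, 2, 9)  # cir(1, 1, 4, 1, 8, 5, 2, 9)


def gf_mul(a: int, b: int, poly: int = W_POLY) -> int:
    """Multiply two bytes as polynomials over GF(2), reduced modulo poly."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:      # degree reached 8: subtract (XOR) the modulus
            a ^= poly
        b >>= 1
    return result


def circulant(first_row):
    """ASSUMPTION: row i is the first row rotated right by i positions."""
    n = len(first_row)
    return [[first_row[(j - i) % n] for j in range(n)] for i in range(n)]


C = circulant(C_ROW)


def mix_row(row):
    """Right-multiply one 8-byte state row by C: out[j] = XOR_k row[k]*C[k][j]."""
    out = []
    for j in range(8):
        acc = 0
        for k in range(8):
            acc ^= gf_mul(row[k], C[k][j])
        out.append(acc)
    return out


def changed_bytes(row_a, row_b):
    """Count output positions that differ after the diffusion layer."""
    return sum(x != y for x, y in zip(mix_row(row_a), mix_row(row_b)))


if __name__ == "__main__":
    # Constructed rows that differ in one input byte only.
    print(hex(gf_mul(0x80, 2)), hex(gf_mul(0x80, 2, RIJNDAEL_POLY)))
    print(changed_bytes([1, 2, 3, 4, 5, 6, 7, 8], [1, 2, 3, 4, 5, 6, 7, 9]))
```

Changing a single input byte of a row changes all eight output bytes, which is the diffusion the MDS matrix is there to provide.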
Original Design
• First, the array of bytes passed into digest is
  converted into an array of 64 arrays of 8-bit
  arrays.
• Second, the arrays are properly padded.
• Next, the arrays are run through W for a
  total of 10 rounds.
• Finally, the arrays are sent to the user as
  output.
Original Running Time Measurements

• Original running time with N set to 3000
   – 193447 msec

• Full Run Time profile is available at this link
   – http://people.rit.edu/fae6505/WhirlpoolFinalReport.pdf
Running Time Analysis
• Based on the results of the running time
  profile, three methods were found that took
  up quite a bit of time

  – Whirlpool.toBinary
  – Whirlpool.shiftColumns
  – Whirlpool.mixRows
.toBinary
• Originally, a byte was converted to a string
  and then called with .toByteArray.
• In order to cut down on conversion time, we
  decided to set up a switch statement instead
• Using a switch statement, each byte was
  converted to an array of bits based on its
  value compared to different values of 2^n
Shift Columns/Mix Rows
• Originally these methods each used nested for
  loops to iterate through the bytes in the message
  and run them through the s-boxes
• In order to save time we computed what the
  resulting positions would be of an array that
  underwent both of these methods and wrote one
  method that used a large switch statement to
  change the message
• By combining these two methods into
  one method (SirMixALot), this reduced the
  number of iterations over the array
Revised Running Time Measurements

• Revised running time with N set to 3000
   – 117363 msec

• Full Run Time profile is available at this link
   – http://people.rit.edu/fae6505/WhirlpoolFinalReport.pdf
Revised Analysis
• By revising these two methods, the runtime of
  the program was substantially reduced, as
  can be seen by the difference in time
• Original Time
  – 193447 msec
• Revised Time
  – 117363 msec
Knowledge Gained
• Although knowledge was gained on the actual
  workings of the Whirlpool hash function, the
  learning that this project provided went
  beyond just that
• We were able to understand, not just
  memorize, information about both hash
  functions and block ciphers
Possible Future Work
• Although there is no specific future work
  slotted for the WHIRLPOOL function, work
  could be done on the function to tailor it to a
  future user's needs. For instance, the key/block
  size could be increased to 1024 bits instead of
  512 bits in order to make it more secure for a
  future user.
Naming of WHIRLPOOL
Whirlpool galaxy in Canes Venatici, M51, or NGC 5194
Works Cited
• Figures 1-4
  – http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
• Figure 5
  – http://www.utahskies.org/deepsky/constellations/canesvenatici.html
QUESTIONS?