WHIRLPOOL Hash Function - By Fernando Axel Ellis Robert Daniel Zayas
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
WHIRLPOOL Hash Function
By
Fernando Axel Ellis
Robert Daniel ZayasOrigins of Whirlpool • Created by Vincent Rijmen and Paulo S. L. M. Barreto • Hashes messages of plaintext length 2^256 • Result is a 512 bit message • Three versions have been released – WHIRLPOOL-0 – WHIRLPOOL-T – WHIRLPOOL
Structure of WHIRLPOOL
• Merkle-
Damgård strengthening
• Miyaguchi-Preneel
hashing scheme
• “W” is a 512-bit block
cipher
• “m” is the plaintext,
split into 512 bit blocks
• “H” is the blocks
formed from the hashesW Explained • The block cipher W is the core element of the Whirlpool hash function • It is comprised of 4 steps. – Add Round Key – Shift Columns – Mix Rows – Substitute bytes
Add Round Key • During the Add Round Key step, the message is XOR’d with the key • If this is the first message block being run through, the key is a block of all zeros • If this is any block except the first, the key is the digest of the previous block
Shift Columns
• Starting from left to right, each column gets
rotated vertically a number of bytes equal to
which number column it is, from top to
bottom
– Ex:
• [0,0][0,1][0,2] [0,0][2,1][1,2]
• [1,0][1,1][1,2] ------> [1,0][0,1][2,2]
• [2,0][2,1][2,2] [2,0][1,1][0,2]Mix Rows
• Each row gets shifted horizontally by the
number of row it is. Similar to the shift column
function, but rotated left to right
– Ex:
• [0,0][0,1][0,2] [0,0][0,1][0,2]
• [1,0][1,1][1,2] ------> [1,2][1,0][1,2]
• [2,0][2,1][2,2] [2,1][2,2][0,2]Substitute bytes • Each byte in the message is passed through a set of s-boxes • The output of this is then set to be the key for the next round
The internal cipher “W”
Similarities between RIJNDAEL and W
Table 1: Differences between RIJNDAEL and W
RIJNDAEL W
Block size (bits) 128, 160, 192, 224, or 256 always 512
Number of rounds 10, 11, 12, 13, or 14 always 10
Key schedule dedicated a priori algorithm the round function itself
GF(28) reduction polynomial x8 + x4 + x3 + x + 1 (0x11B) x8 + x4 + x3 + x2 + 1 (0x11D)
mapping u → u-1 over GF(28), recursive structure (see
Origin of the S-box
plus affine transform below)
Origin of the round successive entries of the S-
polynomials xi over GF(28)
constants box
left-multiplication by the right-multiplication by the
Diffusion layer 4×4 circulant MDS matrix 8×8 circulant MDS matrix
cir(2, 3, 1, 1) cir(1, 1, 4, 1, 8, 5, 2, 9)Original Design • First, the array of bytes passed into digest is converted into an array of 64 arrays of 8-bit arrays. • Second, the arrays were then properly padded. • Next, the arrays are then run through W for a total of 10 rounds. • Finally the arrays were sent to the user as output.
Original Running Time Measurements
• Original running time with N set to 3000
– 193447 msec
• Full Run Time profile is available at this link
– http://people.rit.edu/fae6505/WhirlpoolFinalRep
ort.pdfRunning Time Analysis • Based on the results of the running time profile, three methods were found that took up quite a bit of time – Whirlpool.toBinary – Whirlpool.shiftColumns – Whirlpool.mixRows
.toBinary • Originally, a byte was converted to a string and then called with .toByteArray. • In order to cut down on conversion time, we dedided to set up a switch statement instead • Using a switch statement, each byte was converted to an array of bits based on its value compared to different values of 2^n
Shift Columns/Mix Rows • Originally these methods each used nested for loops to iterate through the bytes in the message and run them through the s-boxes • In order to save time we computed what the resulting positions would be of an array that underwent both of these methods and wrote one method that used a large switch statement to change the message • By combining these two methods into one method (SirMixALot), this reduced the number of iterations over the array
Revised Running Time Measurements
• Original running time with N set to 3000
– 117363 msec
• Full Run Time profile is available at this link
– http://people.rit.edu/fae6505/WhirlpoolFinalRep
ort.pdfRevised Analysis • By revising these two methods, the runtime of the program was substantially increased as can be seen by the difference in time • Original Time – 193447 msec • Revised Time – 117363 msec
Knowledge Gained • Although knowledge was gained on the actual workings of the Whirlpool hash function, the learning that this project provided went beyond just that • We were able to understand, not just memorize, information about both hash functions and block ciphers
Possible Future Work • Although there is no specific future work slotted for the WHIRLPOOL function, work could be done on the function to tailor it to a future users needs. For instance, the key/block size could be increased to 1024 bits instead of 512 bits in order to make it more secure for a future user.
Naming of WHIRLPOOL Whirlpool galaxy in Canes Venatici, M51, or NGC 5194
Works Cited
• Figures 1-4
– http://www.larc.usp.br/~pbarreto/WhirlpoolPage.
html
• Figure 5
– http://www.utahskies.org/deepsky/constellations
/canesvenatici.htmlQUESTIONS?
QUESTIONS?
You can also read
