WHIRLPOOL Hash Function - By Fernando Axel Ellis Robert Daniel Zayas
Origins of Whirlpool • Designed by Vincent Rijmen and Paulo S. L. M. Barreto • Hashes messages of length less than 2^256 bits • Produces a 512-bit digest • Three versions have been released – WHIRLPOOL-0 (the original NESSIE submission) – WHIRLPOOL-T (revised S-box) – WHIRLPOOL (revised diffusion matrix; the final version)
Structure of WHIRLPOOL • Merkle-Damgård strengthening (the padded message ends with its 256-bit length) • Miyaguchi-Preneel compression: H_i = W[H_{i-1}](m_i) ⊕ H_{i-1} ⊕ m_i • “W” is a 512-bit block cipher • “m” is the padded message, split into 512-bit blocks m_i • “H” are the 512-bit chaining values; H_0 is all zeros and the final H_i is the digest
W Explained • The block cipher W is the core element of the Whirlpool hash function • The 512-bit state is viewed as an 8×8 matrix of bytes • Each of its 10 rounds consists of 4 steps, applied in this order: – Substitute bytes – Shift Columns – Mix Rows – Add Round Key
Add Round Key • During the Add Round Key step, the state is XOR’d with the round key • The cipher key for a message block is the previous chaining value H_{i-1}; for the first block it is a block of all zeros • That key is XOR’d into the state once before the first round, and every one of the 10 rounds then ends with the XOR of its own round key, which is derived by running the round function itself on the previous round key (with a round constant in place of the key)
Shift Columns • Column j (numbered 0 to 7 from left to right) is rotated downward by j bytes, so b[i][j] = a[(i − j) mod 8][j] – 3×3 illustration: • [0,0][0,1][0,2] [0,0][2,1][1,2] • [1,0][1,1][1,2] ------> [1,0][0,1][2,2] • [2,0][2,1][2,2] [2,0][1,1][0,2]
Mix Rows • In the standard WHIRLPOOL this step is not a rotation: each row of the 8×8 state is multiplied on the right by the circulant MDS matrix cir(1, 1, 4, 1, 8, 5, 2, 9) over GF(2^8), so every output byte depends on all 8 bytes of its row • The implementation described in these slides instead treats it as the row-wise analogue of Shift Columns and rotates row i to the right by i positions, b[i][j] = a[i][(j − i) mod 8] – 3×3 illustration of that rotation: • [0,0][0,1][0,2] [0,0][0,1][0,2] • [1,0][1,1][1,2] ------> [1,2][1,0][1,1] • [2,0][2,1][2,2] [2,1][2,2][2,0]
Substitute bytes • Each byte of the state is replaced through the 8-bit S-box, which is itself built from 4-bit mini-boxes • This is the only non-linear step and the first step of each round • The round keys do not come from the message state: the key schedule applies this same round function to the previous round key, using a round constant (S-box entries in its first row, zeros elsewhere) in place of the key
The internal cipher “W”
Similarities between RIJNDAEL and W
Table 1: Differences between RIJNDAEL and W

                               RIJNDAEL                                   W
Block size (bits)              128, 160, 192, 224, or 256                 always 512
Number of rounds               10, 11, 12, 13, or 14                      always 10
Key schedule                   dedicated a priori algorithm               the round function itself
GF(2^8) reduction polynomial   x^8 + x^4 + x^3 + x + 1 (0x11B)            x^8 + x^4 + x^3 + x^2 + 1 (0x11D)
Origin of the S-box            mapping u → u^-1 over GF(2^8),             recursive structure built from
                               plus affine transform                      4-bit mini-boxes
Origin of the round constants  successive entries of the S-box            polynomials x^i over GF(2^8)
Diffusion layer                left-multiplication by the 4×4             right-multiplication by the 8×8
                               circulant MDS matrix cir(2, 3, 1, 1)       circulant MDS matrix cir(1, 1, 4, 1, 8, 5, 2, 9)
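The structure on the preceding slides (Miyaguchi-Preneel over W, the four round steps in their standard order, the key schedule, and the constants from Table 1) written out as one complete implementation. This is an added example for this page, not the students' project code or the designers' reference code; it follows the published specification, builds the S-box from the 4-bit mini-boxes E and R of that specification, and is checked against the published digest of the empty string. Function names such as cipher_w and round_func are this example's own.

```python
# WHIRLPOOL (final version) in plain Python, laid out to match the slides:
# Miyaguchi-Preneel over the 512-bit cipher W, whose round is
# SubBytes -> ShiftColumns -> MixRows -> AddRoundKey, with the round keys
# produced by running that same round function on the key.
# Added example for this page; not the project's or the designers' code.
# The state is a list of 64 bytes; entry 8*i + j is row i, column j.

# 4-bit mini-boxes from the specification; the 8-bit S-box is built from them.
E = [0x1, 0xB, 0x9, 0xC, 0xD, 0x6, 0xF, 0x3, 0xE, 0x8, 0x7, 0x4, 0xA, 0x2, 0x5, 0x0]
E_INV = [E.index(v) for v in range(16)]
R = [0x7, 0xC, 0xB, 0xD, 0xE, 0x4, 0x9, 0xF, 0x6, 0x3, 0x8, 0xA, 0x2, 0x5, 0x1, 0x0]

def make_sbox():
    """Recursive S-box: E / E^-1 on the nibbles, R on their XOR, then E / E^-1 again."""
    box = []
    for u in range(256):
        hi, lo = E[u >> 4], E_INV[u & 0xF]
        r = R[hi ^ lo]
        box.append((E[hi ^ r] << 4) | E_INV[lo ^ r])
    return box

SBOX = make_sbox()

def gf_mul(a, b):
    """Multiply in GF(2^8) with reduction polynomial x^8 + x^4 + x^3 + x^2 + 1 (0x11D)."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11D
        b >>= 1
    return p

CIR = [1, 1, 4, 1, 8, 5, 2, 9]   # first row of the circulant MDS matrix C

def sub_bytes(a):
    return [SBOX[x] for x in a]

def shift_columns(a):
    # column j rotated downwards by j: b[i][j] = a[(i - j) mod 8][j]
    return [a[8 * ((i - j) % 8) + j] for i in range(8) for j in range(8)]

def mix_rows(a):
    # right-multiplication by C: b[i][j] = XOR over k of a[i][k] * C[k][j],
    # where C[k][j] = CIR[(j - k) mod 8]
    out = []
    for i in range(8):
        for j in range(8):
            v = 0
            for k in range(8):
                v ^= gf_mul(a[8 * i + k], CIR[(j - k) % 8])
            out.append(v)
    return out

def add_round_key(a, k):
    return [x ^ y for x, y in zip(a, k)]

def round_func(a, k):
    return add_round_key(mix_rows(shift_columns(sub_bytes(a))), k)

# Round constant c^r: row 0 holds S-box entries 8(r-1) .. 8(r-1)+7, other rows are zero.
ROUND_CONSTS = [SBOX[8 * (r - 1):8 * r] + [0] * 56 for r in range(1, 11)]

def cipher_w(key, block):
    """W[key](block): key whitening, then 10 rounds. Round key r is the round
    function applied to round key r-1 with the round constant as its key."""
    k = list(key)
    state = add_round_key(block, k)
    for rc in ROUND_CONSTS:
        k = round_func(k, rc)
        state = round_func(state, k)
    return state

def pad(msg):
    """Merkle-Damgard strengthening: a 1 bit, zeros up to 256 mod 512 bits, 256-bit length."""
    buf = bytearray(msg) + b"\x80"
    while len(buf) % 64 != 32:
        buf.append(0)
    return bytes(buf) + (8 * len(msg)).to_bytes(32, "big")

def whirlpool(msg):
    h = [0] * 64                       # H_0 is the all-zero block
    data = pad(msg)
    for off in range(0, len(data), 64):
        m = list(data[off:off + 64])
        w = cipher_w(h, m)             # previous chaining value is the cipher key
        h = [x ^ y ^ z for x, y, z in zip(w, h, m)]   # Miyaguchi-Preneel feed-forward
    return bytes(h)

if __name__ == "__main__":
    print(whirlpool(b"").hex())
```

The digest of the empty string must come out as 19FA61D75522A466…08B138CC42A66EB3, the test vector published with the specification; any error in the S-box construction, the column rotation direction, the circulant indexing or the padding shows up there immediately, which makes that one vector the first check to run against any Whirlpool implementation, including the one profiled on the following slides.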
Original Design • First, the byte array passed to digest is converted into an array of 64 bytes, each held as an 8-entry bit array • Second, the arrays are padded • Next, the arrays are run through W for a total of 10 rounds • Finally, the resulting digest is returned to the caller
Original Running Time Measurements • Original running time with N set to 3000 – 193447 msec • Full run-time profile is available at this link – http://people.rit.edu/fae6505/WhirlpoolFinalReport.pdf
Running Time Analysis • Based on the results of the running time profile, three methods were found that took up quite a bit of time – Whirlpool.toBinary – Whirlpool.shiftColumns – Whirlpool.mixRows
.toBinary • Originally, each byte was converted to a string and then to a bit array with .toByteArray • To cut down on conversion time, we decided to use a switch statement instead • With the switch statement, each byte is converted to an array of bits by comparing its value against the powers 2^n
Shift Columns/Mix Rows • Originally each of these methods used nested for loops to iterate over the bytes of the state and move each one to its new position • To save time we computed the final position of every byte after both methods had been applied and wrote one method that uses a large switch statement to apply that combined permutation to the state • Merging the two methods into one (SirMixALot) reduced the number of iterations over the array
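The folding described above, as an added example that models the slides' description rather than the project's own SirMixALot method: each step is expressed as a 64-entry index table, the two tables are composed once, and the combined table is verified against the two-pass version on constructed random states. This only works because the slides treat Mix Rows as a row rotation; in the standard WHIRLPOOL, Mix Rows is an MDS matrix multiplication, not a permutation, so only Shift Columns can be folded into an index table this way (fast implementations instead fold SubBytes, ShiftColumns and MixRows together into eight 256-entry tables of 64-bit words, as the designers' reference code does). Names such as compose and combined_step are this example's own.

```python
# Folding two byte permutations of the 8x8 state into one precomputed index
# table, as the slides describe for their ShiftColumns + MixRows pass.
# Added example; it models the slides' description, not the project's code.
# Caveat: the standard Whirlpool MixRows is an MDS multiplication, not a
# rotation, so on the real cipher only ShiftColumns is a permutation.
import random

def shift_columns_perm():
    # Whirlpool's ShiftColumns: column j rotated down by j,
    # b[i][j] = a[(i - j) mod 8][j]
    return [8 * ((i - j) % 8) + j for i in range(8) for j in range(8)]

def rotate_rows_perm():
    # the row rotation as the slides describe it: row i rotated right by i,
    # b[i][j] = a[i][(j - i) mod 8]   (NOT the standard Whirlpool MixRows)
    return [8 * i + (j - i) % 8 for i in range(8) for j in range(8)]

def apply_perm(state, perm):
    # perm[n] is the input index whose byte lands at output position n
    return [state[src] for src in perm]

def compose(first, second):
    # table for "apply first, then second": output n takes position second[n]
    # of the intermediate state, which itself came from first[second[n]]
    return [first[second[n]] for n in range(len(first))]

# computed once; replaces the two nested-loop passes with a single lookup pass
COMBINED = compose(shift_columns_perm(), rotate_rows_perm())

def combined_step(state):
    return apply_perm(state, COMBINED)

def check_equivalent(trials=200, seed=1):
    """Compare the folded table with the two separate passes on random states
    (constructed inputs, seeded so the check is repeatable)."""
    rng = random.Random(seed)
    shift, rot = shift_columns_perm(), rotate_rows_perm()
    for _ in range(trials):
        s = [rng.randrange(256) for _ in range(64)]
        if combined_step(s) != apply_perm(apply_perm(s, shift), rot):
            return False
    return True

if __name__ == "__main__":
    print("combined table is a permutation:", sorted(COMBINED) == list(range(64)))
    print("matches two-pass version:", check_equivalent())
```

Because apply_perm is a single gather over a 64-entry table, the combined step costs one pass regardless of how many permutation layers were folded into it; the same composition would also absorb a byte-wise S-box lookup, but not a step whose output bytes depend on several input bytes.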
Revised Running Time Measurements • Revised running time with N set to 3000 – 117363 msec • Full run-time profile is available at this link – http://people.rit.edu/fae6505/WhirlpoolFinalReport.pdf
Revised Analysis • By revising these two methods, the runtime of the program was substantially reduced, by about 39% (76084 msec), as can be seen from the difference in time • Original Time – 193447 msec • Revised Time – 117363 msec
Knowledge Gained • Although knowledge was gained on the actual workings of the Whirlpool hash function, the learning that this project provided went beyond just that • We were able to understand, not just memorize, information about both hash functions and block ciphers
Possible Future Work • Although no specific future work is slotted for the WHIRLPOOL function, the function could be tailored to a future user's needs. For instance, the key/block size could be increased from 512 bits to 1024 bits to give a larger digest; note that such a variant would need its own S-box layout, MDS matrix and test vectors and would no longer be the standardized WHIRLPOOL, so it would not interoperate with existing implementations.
Naming of WHIRLPOOL Whirlpool galaxy in Canes Venatici, M51, or NGC 5194
Works Cited • Figures 1-4 – http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html • Figure 5 – http://www.utahskies.org/deepsky/constellations/canesvenatici.html
QUESTIONS?