computer science Computer science is the study of computation, information, and automation. Computer science spans Theoretical computer science, theoretical disciplines (such as algorithms, theory of computation, and information theory) to Applied science, ...

and

cryptography Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of Adversary (cryptography), ...

, Whirlpool (sometimes styled WHIRLPOOL) is a

cryptographic hash function A cryptographic hash function (CHF) is a hash algorithm (a map (mathematics), map of an arbitrary binary string to a binary string with a fixed size of n bits) that has special properties desirable for a cryptography, cryptographic application: ...

. It was designed by

Vincent Rijmen Vincent Rijmen (; born 16 October 1970) is a Belgium, Belgian cryptographer and one of the two designers of the Rijndael, the Advanced Encryption Standard. Rijmen is also the co-designer of the WHIRLPOOL cryptographic hash function, and the block ...

(co-creator of the

Advanced Encryption Standard The Advanced Encryption Standard (AES), also known by its original name Rijndael (), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is a variant ...

) and Paulo S. L. M. Barreto, who first described it in 2000. The hash has been recommended by the NESSIE project. It has also been adopted by the

International Organization for Standardization The International Organization for Standardization (ISO ; ; ) is an independent, non-governmental, international standard development organization composed of representatives from the national standards organizations of member countries. M ...

(ISO) and the

International Electrotechnical Commission The International Electrotechnical Commission (IEC; ) is an international standards organization that prepares and publishes international standards for all electrical, electronics, electronic and related technologies. IEC standards cover a va ...

(IEC) as part of the joint ISO/IEC 10118-3

international standard An international standard is a technical standard developed by one or more international standards organizations. International standards are available for consideration and use worldwide. The most prominent such organization is the International O ...

Design features

Whirlpool is a hash designed after the

Square In geometry, a square is a regular polygon, regular quadrilateral. It has four straight sides of equal length and four equal angles. Squares are special cases of rectangles, which have four equal angles, and of rhombuses, which have four equal si ...

block cipher In cryptography, a block cipher is a deterministic algorithm that operates on fixed-length groups of bits, called ''blocks''. Block ciphers are the elementary building blocks of many cryptographic protocols. They are ubiquitous in the storage a ...

, and is considered to be in that family of block cipher functions. Whirlpool is a Miyaguchi-Preneel construction based on a substantially modified

(AES). Whirlpool takes a message of any length less than 2²⁵⁶ bits and returns a 512-bit

message digest A hash function is any function that can be used to map data of arbitrary size to fixed-size values, though there are some hash functions that support variable-length output. The values returned by a hash function are called ''hash values'', ...

. The authors have declared that :"WHIRLPOOL is not (and will never be)

patented A patent is a type of intellectual property that gives its owner the legal right to exclude others from making, using, or selling an invention for a limited period of time in exchange for publishing an enabling disclosure of the invention."A ...

. It may be used free of charge for any purpose."

Version changes

The original Whirlpool will be called ''Whirlpool-0'', the first revision of Whirlpool will be called ''Whirlpool-T'' and the latest version will be called ''Whirlpool'' in the following test vectors. * In the first revision in 2001, the

S-box In cryptography, an S-box (substitution-box) is a basic component of symmetric key algorithms which performs substitution. In block ciphers, they are typically used to obscure the relationship between the key and the ciphertext, thus ensuring Clau ...

was changed from a randomly generated one with good cryptographic properties to one which has better cryptographic properties and is easier to implement in hardware. * In the second revision (2003), a flaw in the diffusion matrix was found that lowered the estimated security of the algorithm below its potential. Changing the 8x8 rotating matrix constants from (1, 1, 3, 1, 5, 8, 9, 5) to (1, 1, 4, 1, 8, 5, 2, 9) solved this issue.

Internal structure

The Whirlpool hash function is a Merkle–Damgård construction based on an AES-like

W in Miyaguchi–Preneel mode. The

W consists of an 8×8 state matrix

S

of bytes, for a total of 512 bits. The encryption process consists of updating the state with four round functions over 10 rounds. The four round functions are SubBytes (SB), ShiftColumns (SC), MixRows (MR) and AddRoundKey (AK). During each round the new state is computed as

S=AK \circ MR \circ SC \circ SB(S)

SubBytes

The SubBytes operation applies a non-linear permutation (the S-box) to each byte of the state independently. The 8-bit S-box is composed of 3 smaller 4-bit S-boxes.

ShiftColumns

The ShiftColumns operation cyclically shifts each byte in each column of the state. Column ''j'' has its bytes shifted downwards by ''j'' positions.

MixRows

The MixRows operation is a right-multiplication of each row by an 8×8 matrix over

GF()

. The matrix is chosen such that the

branch number In cryptography, the branch number is a numerical value that characterizes the amount of diffusion introduced by a vectorial Boolean function that maps an input vector to output vector F(a). For the (usual) case of a linear the value of the ''di ...

(an important property when looking at resistance to

differential cryptanalysis Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in information input can a ...

) is 9, which is maximal.

AddRoundKey

The AddRoundKey operation uses bitwise xor to add a key calculated by the key schedule to the current state. The key schedule is identical to the encryption itself, except the AddRoundKey function is replaced by an AddRoundConstant function that adds a predetermined constant in each round.

Whirlpool hashes

The Whirlpool algorithm has undergone two revisions since its original 2000 specification. People incorporating Whirlpool will most likely use the most recent revision of Whirlpool; while there are no known security weaknesses in earlier versions of Whirlpool, the most recent revision has better hardware implementation efficiency characteristics, and is also likely to be more secure. As mentioned earlier, it is also the version adopted in the ISO/IEC 10118-3

. The 512-bit (64-byte) Whirlpool hashes (also termed ''message digests'') are typically represented as 128-digit

hexadecimal Hexadecimal (also known as base-16 or simply hex) is a Numeral system#Positional systems in detail, positional numeral system that represents numbers using a radix (base) of sixteen. Unlike the decimal system representing numbers using ten symbo ...

numbers.
The following demonstrates a 43-byte

ASCII ASCII ( ), an acronym for American Standard Code for Information Interchange, is a character encoding standard for representing a particular set of 95 (English language focused) printable character, printable and 33 control character, control c ...

input (not including quotes) and the corresponding Whirlpool hashes:

Implementations

The authors provide

reference implementation In the software development process, a reference implementation (or, less frequently, sample implementation or model implementation) is a program that implements all requirements from a corresponding specification. The reference implementation ...

s of the Whirlpool algorithm, including a version written in C and a version written in

Java Java is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea (a part of Pacific Ocean) to the north. With a population of 156.9 million people (including Madura) in mid 2024, proje ...

. These reference implementations have been released into the public domain. Research on the security analysis of the Whirlpool function however, has revealed that on average, the introduction of 8 random faults is sufficient to compromise the 512-bit Whirlpool hash message being processed and the secret key of HMAC-Whirlpool within the context of Cloud of Things (CoTs). This emphasizes the need for increased security measures in its implementation.

Adoption

Two of the first widely used mainstream cryptographic programs that started using Whirlpool were

FreeOTFE FreeOTFE is a discontinued open source computer program for on-the-fly disk encryption (OTFE). On Microsoft Windows, and Windows Mobile (using FreeOTFE4PDA), it can create a virtual drive within a file or partition, to which anything written i ...

, followed by

TrueCrypt TrueCrypt is a discontinued source-available freeware utility software, utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file, encrypt a Disk partitioning, partition, or encrypt the whole Data storag ...

in 2005.

VeraCrypt VeraCrypt is a free and open-source utility for on-the-fly encryption (OTFE). The software can create a virtual encrypted disk that works just like a regular disk but within a file. It can also encrypt a partition or (in Windows) the entire sto ...

(a fork of

) included Whirlpool (the final version) as one of its supported hash algorithms.

References

External links

* * , a Java implementation of all three revisions of Whirlpool * – An open source Go implementation of the latest revision of Whirlpool
A Matlab Implementation of the Whirlpool Hashing Function

RHash
an

open source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use and view the source code, design documents, or content of the product. The open source model is a decentrali ...

command-line tool, which can calculate and verify Whirlpool hash.
Perl Whirlpool
module at

CPAN The Comprehensive Perl Archive Network (CPAN) is a software repository of over 220,000 software modules and accompanying documentation for 45,500 distributions, written in the Perl programming language by over 14,500 contributors. ''CPAN'' can de ...

Digest module
implementing the Whirlpool hashing algorithm in

Ruby Ruby is a pinkish-red-to-blood-red-colored gemstone, a variety of the mineral corundum ( aluminium oxide). Ruby is one of the most popular traditional jewelry gems and is very durable. Other varieties of gem-quality corundum are called sapph ...

Ironclad
a

Common Lisp Common Lisp (CL) is a dialect of the Lisp programming language, published in American National Standards Institute (ANSI) standard document ''ANSI INCITS 226-1994 (S2018)'' (formerly ''X3.226-1994 (R1999)''). The Common Lisp HyperSpec, a hyperli ...

cryptography package containing a Whirlpool implementation
The ISO/IEC 10118-3:2004 standard

from the NESSIE project
Managed C# implementation

Python Whirlpool module
{{ISO standards Cryptographic hash functions