In
computer science
Computer science is the study of computation, automation, and information. Computer science spans theoretical disciplines (such as algorithms, theory of computation, information theory, and automation) to Applied science, practical discipli ...
and
cryptography
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...
, Whirlpool (sometimes styled WHIRLPOOL) is a
cryptographic hash function
A cryptographic hash function (CHF) is a hash algorithm (a map of an arbitrary binary string to a binary string with fixed size of n bits) that has special properties desirable for cryptography:
* the probability of a particular n-bit output re ...
. It was designed by
Vincent Rijmen
Vincent Rijmen (; born 16 October 1970) is a Belgian cryptographer and one of the two designers of the Rijndael, the Advanced Encryption Standard. Rijmen is also the co-designer of the WHIRLPOOL cryptographic hash function, and the block cipher ...
(co-creator of the
Advanced Encryption Standard
The Advanced Encryption Standard (AES), also known by its original name Rijndael (), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.
AES is a variant ...
) and
Paulo S. L. M. Barreto
Paulo S. L. M. Barreto (born 1965) is a Brazilian cryptographer and one of the designers of the Whirlpool (algorithm), Whirlpool cryptographic hash function, hash function and the block ciphers Anubis (cipher), Anubis and KHAZAD, together with Vin ...
, who first described it in 2000.
The hash has been recommended by the
NESSIE
NESSIE (New European Schemes for Signatures, Integrity and Encryption) was a European research project funded from 2000 to 2003 to identify secure cryptographic primitives. The project was comparable to the NIST AES process and the Japanese Gov ...
project. It has also been adopted by the
International Organization for Standardization
The International Organization for Standardization (ISO ) is an international standard development organization composed of representatives from the national standards organizations of member countries. Membership requirements are given in Ar ...
(ISO) and the
International Electrotechnical Commission
The International Electrotechnical Commission (IEC; in French: ''Commission électrotechnique internationale'') is an international standards organization that prepares and publishes international standards for all electrical, electronic and r ...
(IEC) as part of the joint ISO/IEC 10118-3
international standard
international standard is a technical standard developed by one or more international standards organizations. International standards are available for consideration and use worldwide. The most prominent such organization is the International Or ...
.
Design features
Whirlpool is a hash designed after the
Square
In Euclidean geometry, a square is a regular quadrilateral, which means that it has four equal sides and four equal angles (90-degree angles, π/2 radian angles, or right angles). It can also be defined as a rectangle with two equal-length adj ...
block cipher
In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called ''blocks''. Block ciphers are specified cryptographic primitive, elementary components in the design of many cryptographic protocols and ...
, and is considered to be in that family of block cipher functions.
Whirlpool is a
Miyaguchi-Preneel construction based on a substantially modified
Advanced Encryption Standard
The Advanced Encryption Standard (AES), also known by its original name Rijndael (), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.
AES is a variant ...
(AES).
Whirlpool takes a message of any length less than 2
256 bits and returns a 512-bit
message digest
A cryptographic hash function (CHF) is a hash algorithm (a map of an arbitrary binary string to a binary string with fixed size of n bits) that has special properties desirable for cryptography:
* the probability of a particular n-bit output re ...
.
The authors have declared that
:"WHIRLPOOL is not (and will never be) patented. It may be used free of charge for any purpose."
Version changes
The original Whirlpool will be called ''Whirlpool-0'', the first revision of Whirlpool will be called ''Whirlpool-T'' and the latest version will be called ''Whirlpool'' in the following test vectors.
* In the first revision in 2001, the
S-box
In cryptography, an S-box (substitution-box) is a basic component of symmetric key algorithms which performs substitution. In block ciphers, they are typically used to obscure the relationship between the key and the ciphertext, thus ensuring Sha ...
was changed from a randomly generated one with good cryptographic properties to one which has better cryptographic properties and is easier to implement in hardware.
* In the second revision (2003), a flaw in the
diffusion matrix was found that lowered the estimated security of the algorithm below its potential. Changing the 8x8 rotating matrix constants from (1, 1, 3, 1, 5, 8, 9, 5) to (1, 1, 4, 1, 8, 5, 2, 9) solved this issue.
Internal structure
The Whirlpool hash function is a
Merkle–Damgård construction
In cryptography, the Merkle–Damgård construction or Merkle–Damgård hash function is a method of building collision-resistant cryptographic hash functions from collision-resistant one-way compression functions. Goldwasser, S. and Bellare, M.b ...
based on an
AES-like
block cipher
In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called ''blocks''. Block ciphers are specified cryptographic primitive, elementary components in the design of many cryptographic protocols and ...
W in
Miyaguchi–Preneel mode.
The
block cipher
In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called ''blocks''. Block ciphers are specified cryptographic primitive, elementary components in the design of many cryptographic protocols and ...
W consists of an 8×8 state matrix
of bytes, for a total of 512 bits.
The encryption process consists of updating the state with four round functions over 10 rounds. The four round functions are SubBytes (SB), ShiftColumns (SC), MixRows (MR) and AddRoundKey (AK). During each round the new state is computed as
.
SubBytes
The SubBytes operation applies a non-linear permutation (the S-box) to each byte of the state independently. The 8-bit S-box is composed of 3 smaller 4-bit S-boxes.
ShiftColumns
The ShiftColumns operation cyclically shifts each byte in each column of the state. Column ''j'' has its bytes shifted downwards by ''j'' positions.
MixRows
The MixRows operation is a right-multiplication of each row by an 8×8 matrix over
. The matrix is chosen such that the branch number (an important property when looking at resistance to
differential cryptanalysis
Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in information input can aff ...
) is 9, which is maximal.
AddRoundKey
The AddRoundKey operation uses bitwise
xor
Exclusive or or exclusive disjunction is a logical operation that is true if and only if its arguments differ (one is true, the other is false).
It is symbolized by the prefix operator J and by the infix operators XOR ( or ), EOR, EXOR, , ...
to add a key calculated by the key schedule to the current state. The key schedule is identical to the encryption itself, except the AddRoundKey function is replaced by an AddRoundConstant function that adds a predetermined constant in each round.
Whirlpool hashes
The Whirlpool algorithm has undergone two revisions since its original 2000 specification.
People incorporating Whirlpool will most likely use the most recent revision of Whirlpool; while there are no known security weaknesses in earlier versions of Whirlpool, the most recent revision has better hardware implementation efficiency characteristics, and is also likely to be more secure. As mentioned earlier, it is also the version adopted in the ISO/IEC 10118-3
international standard
international standard is a technical standard developed by one or more international standards organizations. International standards are available for consideration and use worldwide. The most prominent such organization is the International Or ...
.
The 512-bit (64-byte) Whirlpool hashes (also termed ''message digests'') are typically represented as 128-digit
hexadecimal
In mathematics and computing, the hexadecimal (also base-16 or simply hex) numeral system is a positional numeral system that represents numbers using a radix (base) of 16. Unlike the decimal system representing numbers using 10 symbols, hexa ...
numbers.
The following demonstrates a 43-byte
ASCII
ASCII ( ), abbreviated from American Standard Code for Information Interchange, is a character encoding standard for electronic communication. ASCII codes represent text in computers, telecommunications equipment, and other devices. Because of ...
input (not including quotes) and the corresponding Whirlpool hashes:
Even a small change in the message will (with an extremely high probability of
) result in a different hash, which will
usually look completely different just like two unrelated random numbers do. The following demonstrates the result of changing the previous input by a single letter (a single bit, even, in ASCII-compatible encodings), replacing with :
The hash of a zero-length string is:
Implementations
The authors provide
reference implementation
In the software development process, a reference implementation (or, less frequently, sample implementation or model implementation) is a program that implements all requirements from a corresponding specification. The reference implementation o ...
s of the Whirlpool algorithm, including a version written in
C and a version written in
Java
Java (; id, Jawa, ; jv, ꦗꦮ; su, ) is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea to the north. With a population of 151.6 million people, Java is the world's List ...
.
These reference implementations have been released into the public domain.
Adoption
Two of the first widely used mainstream cryptographic programs that started using Whirlpool were
FreeOTFE
FreeOTFE is a discontinued open source computer program for on-the-fly disk encryption (OTFE). On Microsoft Windows, and Windows Mobile (using FreeOTFE4PDA), it can create a virtual drive within a file or partition, to which anything written is a ...
, followed by
TrueCrypt
TrueCrypt is a discontinued source-available freeware utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file, or encrypt a partition or the whole storage device (pre-boot authentication).
On 28 May ...
in 2005.
VeraCrypt (a fork of
TrueCrypt
TrueCrypt is a discontinued source-available freeware utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file, or encrypt a partition or the whole storage device (pre-boot authentication).
On 28 May ...
) included Whirlpool (the final version) as one of its supported hash algorithms.
See also
*
Digital timestamping
References
External links
*
* , a Java implementation of all three revisions of Whirlpool
* – An open source
Go implementation of the latest revision of Whirlpool
A Matlab Implementation of the Whirlpool Hashing FunctionRHash an
open source
Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized sof ...
command-line tool, which can calculate and verify Whirlpool hash.
Perl Whirlpoolmodule at
CPAN
The Comprehensive Perl Archive Network (CPAN) is a repository of over 250,000 software modules and accompanying documentation for 39,000 distributions, written in the Perl programming language by over 12,000 contributors. ''CPAN'' can denote eith ...
Digest moduleimplementing the Whirlpool hashing algorithm in
Ruby
A ruby is a pinkish red to blood-red colored gemstone, a variety of the mineral corundum ( aluminium oxide). Ruby is one of the most popular traditional jewelry gems and is very durable. Other varieties of gem-quality corundum are called sa ...
Ironclada
Common Lisp
Common Lisp (CL) is a dialect of the Lisp programming language, published in ANSI standard document ''ANSI INCITS 226-1994 (S20018)'' (formerly ''X3.226-1994 (R1999)''). The Common Lisp HyperSpec, a hyperlinked HTML version, has been derived fro ...
cryptography package containing a Whirlpool implementation
The ISO/IEC 10118-3:2004 standardfrom the
NESSIE
NESSIE (New European Schemes for Signatures, Integrity and Encryption) was a European research project funded from 2000 to 2003 to identify secure cryptographic primitives. The project was comparable to the NIST AES process and the Japanese Gov ...
project
Managed C# implementationPython Whirlpool module
{{ISO standards
Cryptographic hash functions