- Karl J A Petre and Xavier J Ortiz, Columbia University, Department of Electrical Engineering

## Introduction

- Whirlpool is a one-way collision resistant hash function designed by Vincent Rijmen and Paulo S. L. M. Barreto. It operates on messages less than 2
^{256}bits in length, and produces a message digest of 512 bits. - The authors' revised publication (dated 24 May 2003) is available here.
- The first version, Whirlpool-0, was submitted to the NESSIE project. Its optimized successor, WHIRLPOOL-T, was selected for the NESSIE portfolio of cryptographic primitives:
*“The NESSIE project selects Whirlpool as a collision-resistant hash function, with an output length of 512 bits. The design of Whirlpool is based on an underlying 512-bit block cipher that is used in Miyaguchi-Preneel mode. This block cipher has a structure similar to Rijndael. The best known attack on Whirlpool finds non-random properties when the compression function is reduced to six rounds or less (out of ten); this gives a good security margin. The performance of Whirlpool is acceptable, though on most platforms it is slightly slower than SHA-512.”*- A flaw in its diffusion matrix reported by Shirai and Shibutani (
*On the diffusion matrix employed in the Whirlpool hashing function*, NESSIE public report, 2003) was fixed afterwards, and the final version (called simply Whirlpool for short) was adopted by the International Organization for Standardization (ISO) in the ISO/IEC 10118-3:2004 standard.

## Overview

- We present a Matlab implementation of the Whirlpool hashing algorithm.
- Our decision to produce this code was motivated in part by the limited number of example implementations provided by the algorithm's authors. While their documentation is thorough, they only provide implementations in the lower-level languages of C and Java; we felt it would be beneficial to the academic community to implement the algorithm in a language accessible to a wider variety of individuals.

## Code Files

- A summary of the code package and its use is available here. You may want to read through it before getting started.
- buildconstants.m. Builds the Whirlpool constants from the substitution box.
- bv2dec.m. Computes the decimal equivalent of the binary number
*a*, which is expressed in a 1-by-length(*a*) array of ones and zeros. - bv2hex.m. Computes the hexadecimal equivalent of the binary number
*a*, which is expressed in a 1-by-length(*a*) array of ones and zeros. - bvshift.m. Computes the bitwise shift of the binary number
*a*, which is expressed in a 1-by-length(*a*) array of ones and zeros. Equivalent to the binary operation*a*<<*s*. The output is a 1-by-*p*array of ones and zeros. - dec2bv.m. Computes the binary equivalent of the decimal number
*a*; returns the value as a 1-by-*p*array of ones and zeros. - hex2bv.m. Computes the binary equivalent of the hexadecimal string
*h*; returns the value as a 1-by-*p*array of ones and zeros. - pp.m. Groups a string of hexadecimal numbers into groups of
*p*characters, inserting a space between each*p*characters. - processbuffer.m. The core Whirlpool transform.
- whirlpool.m. Computes the Whirlpool hash of the input string
*s*. The hash is returned in a binary representation – as an 8-by-64 array of ones and zeros. - whirlpooliso.m. Generates the ISO/IEC 10118-3 test vector set for Whirlpool. Stores hashes in the file isotestvectors.m.

*This reference implementation is in the public domain. However, please read the accompanying disclaimer provided with each code file before use.*

## Links

- Karl J A Petre · Wikipedia · Whirlpool

All content © 2009, Karl Petre. This page has been viewed 8726 times since creation.