In computer science and cryptography, Whirlpool (sometimes styled WHIRLPOOL) is a cryptographic hash function. It was designed by Vincent Rijmen (cocreator of the Advanced Encryption Standard) and Paulo S. L. M. Barreto, who first described it in 2000.
The hash has been recommended by the NESSIE project. It has also been adopted by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as part of the joint ISO/IEC 101183 international standard.
Whirlpool  

General  
Designers  Vincent Rijmen, Paulo S. L. M. Barreto 
First published  2000, 2001, 2003 
Derived from  Square, AES 
Certification  NESSIE 
Detail  
Digest sizes  512 bits 
Security claims  Large hashsum size 
Structure  MiyaguchiPreneel 
Rounds  10 
Best public cryptanalysis  
In 2009, a rebound attack was announced that presents full collisions against 4.5 rounds of Whirlpool in 2^{120} operations, semifreestart collisions against 5.5 rounds in 2^{120} time and semifreestart nearcollisions against 7.5 rounds in 2^{128} time.^{[1]} 
Whirlpool is a hash designed after the Square block cipher, and is considered to be in that family of block cipher functions.
Whirlpool is a MiyaguchiPreneel construction based on a substantially modified Advanced Encryption Standard (AES).
Whirlpool takes a message of any length less than 2^{256} bits and returns a 512bit message digest.^{[3]}
The authors have declared that
The original Whirlpool will be called Whirlpool0, the first revision of Whirlpool will be called WhirlpoolT and the latest version will be called Whirlpool in the following test vectors.
The Whirlpool hash function is a Merkle–Damgård construction based on an AESlike block cipher W in Miyaguchi–Preneel mode.^{[2]}
The block cipher W consists of an 8×8 state matrix of bytes, for a total of 512 bits.
The encryption process consists of updating the state with four round functions over 10 rounds. The four round functions are SubBytes (SB), ShiftColumns (SC), MixRows (MR) and AddRoundKey (AK). During each round the new state is computed as .
The SubBytes operation applies a nonlinear permutation (the Sbox) to each byte of the state independently. The 8bit Sbox is composed of 3 smaller 4bit Sboxes.
The ShiftColumns operation cyclically shifts each byte in each column of the state. Column j has its bytes shifted downwards by j positions.
The MixRows operation is a rightmultiplication of each row by an 8×8 matrix over . The matrix is chosen such that the branch number (an important property when looking at resistance to differential cryptanalysis) is 9, which is maximal.
The AddRoundKey operation uses bitwise xor to add a key calculated by the key schedule to the current state. The key schedule is identical to the encryption itself, except the AddRoundKey function is replaced by an AddRoundConstant function that adds a predetermined constant in each round.
The Whirlpool algorithm has undergone two revisions since its original 2000 specification.
People incorporating Whirlpool will most likely use the most recent revision of Whirlpool; while there are no known security weaknesses in earlier versions of Whirlpool, the most recent revision has better hardware implementation efficiency characteristics, and is also likely to be more secure. As mentioned earlier, it is also the version adopted in the ISO/IEC 101183 international standard.
The 512bit (64byte) Whirlpool hashes (also termed message digests) are typically represented as 128digit hexadecimal numbers.
The following demonstrates a 43byte ASCII input (not including quotes) and the corresponding Whirlpool hashes:
Version  Input String  Computed Hash 

Whirlpool0  "The quick brown fox jumps over the lazy dog" 
4F8F5CB531E3D49A61CF417CD133792CCFA501FD8DA53EE368FED20E5FE0248C 3A0B64F98A6533CEE1DA614C3A8DDEC791FF05FEE6D971D57C1348320F4EB42D 
WhirlpoolT  "The quick brown fox jumps over the lazy dog" 
3CCF8252D8BBB258460D9AA999C06EE38E67CB546CFFCF48E91F700F6FC7C183 AC8CC3D3096DD30A35B01F4620A1E3A20D79CD5168544D9E1B7CDF49970E87F1 
Whirlpool  "The quick brown fox jumps over the lazy dog" 
B97DE512E91E3828B40D2B0FDCE9CEB3C4A71F9BEA8D88E75C4FA854DF36725F D2B52EB6544EDCACD6F8BEDDFEA403CB55AE31F03AD62A5EF54E42EE82C3FB35 
Even a small change in the message will (with an extremely high probability of ) result in a different hash, which will usually look completely different just like two unrelated random numbers do. The following demonstrates the result of changing the previous input by a single letter (a single bit, even, in ASCIIcompatible encodings), replacing d with e:
Version  Input String  Computed Hash 

Whirlpool0  "The quick brown fox jumps over the lazy eog" 
228FBF76B2A93469D4B25929836A12B7D7F2A0803E43DABA0C7FC38BC11C8F2A 9416BBCF8AB8392EB2AB7BCB565A64AC50C26179164B26084A253CAF2E012676 
WhirlpoolT  "The quick brown fox jumps over the lazy eog" 
C8C15D2A0E0DE6E6885E8A7D9B8A9139746DA299AD50158F5FA9EECDDEF744F9 1B8B83C617080D77CB4247B1E964C2959C507AB2DB0F1F3BF3E3B299CA00CAE3 
Whirlpool  "The quick brown fox jumps over the lazy eog" 
C27BA124205F72E6847F3E19834F925CC666D0974167AF915BB462420ED40CC5 0900D85A1F923219D832357750492D5C143011A76988344C2635E69D06F2D38C 
The hash of a zerolength string is:
Version  Input String  Computed Hash 

Whirlpool0  "" 
B3E1AB6EAF640A34F784593F2074416ACCD3B8E62C620175FCA0997B1BA23473 39AA0D79E754C308209EA36811DFA40C1C32F1A2B9004725D987D3635165D3C8 
WhirlpoolT  "" 
470F0409ABAA446E49667D4EBE12A14387CEDBD10DD17B8243CAD550A089DC0F EEA7AA40F6C2AAAB71C6EBD076E43C7CFCA0AD32567897DCB5969861049A0F5A 
Whirlpool  "" 
19FA61D75522A4669B44E39C1D2E1726C530232130D407F89AFEE0964997F7A7 3E83BE698B288FEBCF88E3E03C4F0757EA8964E59B63D93708B138CC42A66EB3 
The authors provide reference implementations of the Whirlpool algorithm, including a version written in C and a version written in Java.^{[2]} These reference implementations have been released into the public domain.^{[2]}
Two of the first widely used mainstream cryptographic programs that started using Whirlpool were FreeOTFE, followed by TrueCrypt in 2005.
VeraCrypt (a fork of TrueCrypt) included Whirlpool (the final version) as one of its supported hash algorithms.^{[5]}
An Advanced Encryption Standard instruction set is now integrated into many processors. The purpose of the instruction set is to improve the speed (as well as the resistance to sidechannel attacks) of applications performing encryption and decryption using Advanced Encryption Standard (AES). They are often implemented as instructions implementing a single round of AES along with a special version for the last round which has a slightly different method.
Advanced Encryption StandardThe Advanced Encryption Standard (AES), also known by its original name Rijndael (Dutch pronunciation: [ˈrɛindaːl]), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.AES is a subset of the Rijndael block cipher developed by two Belgian cryptographers, Vincent Rijmen and Joan Daemen, who submitted a proposal to NIST during the AES selection process. Rijndael is a family of ciphers with different key and block sizes.
For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.
AES has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES), which was published in 1977. The algorithm described by AES is a symmetrickey algorithm, meaning the same key is used for both encrypting and decrypting the data.
In the United States, AES was announced by the NIST as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001. This announcement followed a fiveyear standardization process in which fifteen competing designs were presented and evaluated, before the Rijndael cipher was selected as the most suitable (see Advanced Encryption Standard process for more details).
AES became effective as a federal government standard on May 26, 2002, after approval by the Secretary of Commerce. AES is included in the ISO/IEC 180333 standard. AES is available in many different encryption packages, and is the first (and only) publicly accessible cipher approved by the National Security Agency (NSA) for top secret information when used in an NSA approved cryptographic module (see Security of AES, below).
List of cryptographersList of cryptographers.
Paulo S. L. M. BarretoPaulo S. L. M. Barreto (born 1965) is a Brazilian cryptographer and one of the designers of the Whirlpool hash function and the block ciphers Anubis and KHAZAD, together with Vincent Rijmen. He has also coauthored a number of research works on elliptic curve cryptography and pairingbased cryptography, including the eta pairing technique,identitybased cryptographic protocols,
and the family of BarretoNaehrig (BN) pairingfriendly elliptic curves.
More recently he has been focusing his research on postquantum cryptography, being one of the discoverers of quasidyadic codes
and quasicyclic moderatedensity paritycheck (QCMDPC) codes
to instantiate the McEliece and Niederreiter cryptosystems and related schemes.
His paper "Efficient Algorithms for PairingBased Cryptosystems", jointly written with Hae Y. Kim, Ben Lynn and Mike Scott and presented at the Crypto 2002 conference, has been identified in March 2005 as a "Hot Paper", and in December 2005 as "Fast Breaking Paper", by Thomson ISI's Essential Science Indicators (now Science Watch), by virtue of being among the top onetenth of one percent (0.1%) most cited papers and by having the largest percentage increase in citations in the Computer Science category.Barreto was born in Salvador, capital of the northeastern state of Bahia, Brazil. In 1987, he graduated in Physics at the University of São Paulo. He subsequently worked at Unisys Brazil Ltd and Scopus Tecnologia S/A as a software developer and then as chief cryptographer. Barreto received his Ph.D. degree in 2003. He has been awarded the SFI E. T. S. Walton Award 20082009. He was associate professor at the Department of Computer and Digital Systems Engineering, Escola Politécnica, University of São Paulo. He is currently a professor at the Institute of Technology of the University of Washington Tacoma.
Rebound attackThe rebound attack is a tool in the cryptanalysis of cryptographic hash functions. The attack was first published in 2009 by Florian Mendel, Christian Rechberger, Martin Schläffer and Søren Thomsen. It was conceived to attack AES like functions such as Whirlpool and Grøstl, but was later shown to also be applicable to other designs such as Keccak, JH and Skein.
StreebogStreebog is a cryptographic hash function defined in the Russian national standard GOST R 34.112012 Information Technology – Cryptographic Information Security – Hash Function. It was created to replace an obsolete GOST hash function defined in the old standard GOST R 34.1194, and as an asymmetric reply to SHA3 competition by the US National Institute of Standards and Technology. The function is also described in RFC 6986.

This page is based on a Wikipedia article written by authors
(here).
Text is available under the CC BYSA 3.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.