International Association for Cryptologic Research (IACR)
Abstract
We introduce the rebound attack as a variant of differential cryptanalysis on
hash functions and apply it to the hash function Whirlpool, standardized by
ISO/IEC. We give attacks on reduced variants of the Whirlpool hash function and
the Whirlpool compression function. Next, we introduce the subspace problems as
generalizations of near-collision resistance. Finally, we present
distinguishers based on the rebound attack, that apply to the full compression
function of Whirlpool and the underlying block cipher W
