New Integral Distinguishers On Permutation Of Whirlpool

Abstract

AbstractWhirlpool is a hash function that has been standardized by ISO/IEC. In this paper, we develop a new type of distinguishing property for its underlying permutation $ W $. Division property proposed by Todo at EUROCRYPT 2015 was initially used in the integral cryptanalysis of symmetric-key algorithms. This work for the first time utilizes the MILP method to search for the integral distinguishers of $ W $ in both the forward and backward directions while concentrating on word-based division property. Under the known-key model, the fact that the permutation used in the hash function does not depend on any secret parameters allows the previous properties to be exploited from the middle, i.e. from an intermediate internal state. Therefore, we apply the inside-out strategy which is the essential step in the zero-sum property to connect the trails in opposite directions. Consequently, we obtain new distinguishers up to full rounds for the $ W $. To further reduce the complexity of the integral distinguishers, we add one round in the middle with the help of subspace trails. Finally, we succeed in extending the length and improving the complexity of the integral distinguishers. To the best of our knowledge, all the results in this paper are competitive with the previous work in both computational cost and memory complexity. It is worth mentioning that the methods presented in this paper are applicable to a broad class of hash functions.