WhirlBob is an Authenticated Encryption with Associated Data (AEAD)
algorithm derived from the first round CAESAR candidate StriBob
and the Whirlpool hash algorithm. The main advantage of WhirlBob over
StriBob is its greatly reduced implementation footprint on
resource-constrained platforms. Remarkably, the entire C reference
implementation of WhirlBob 1.0 $\pi$ fits onto a single page of the Appendix.
On most low-end microcontrollers the total software footprint of
$\pi$+BLNK = WhirlBob AEAD is less than half a kilobyte. We also report an
FPGA implementation of WhirlBob. The
reduced hardware gate count is also reflected as efficient bitsliced
straight-line implementations, especially on 64-bit platforms. Bitslicing
works as an efficient countermeasure against AES-style cache timing
side-channel attacks. The new design utilizes only the LPS or $\rho$
keying line of Whirlpool in a flexible domain-separated Sponge mode BLNK
and adds the number of rounds in $\pi$ permutation from 10 to 12 as a
countermeasure against Rebound Distinguishing attacks.
As with StriBob, the reduced-size Sponge design has a strong provable
security link with the original hash algorithm. We finally present some
discussion and analysis on differences between Whirlpool, the Russian
GOST Streebog hash, and the recently proposed draft Russian
Encryption Standard Kuznyechik.
↧