WHIRLBOB, the Whirlpool Based Variant of STRIBOB: Lighter, Faster, and Constant Time

Markku-Juhanin O. Saarinen, Billy Bob Brumley

Research output: Chapter in Book/Report/Conference proceedingChapter (peer-reviewed)peer-review

3 Citations (Scopus)


WHIRLBOB, also known as STRIBOBr2, is an AEAD (Authenticated Encryption with Associated Data) algorithm derived from STRIBOBr1 and the Whirlpool hash algorithm. WHIRLBOB/STRIBOBr2 is a second round candidate in the CAESAR competition. As with STRIBOBr1, the reduced-size Sponge design has a strong provable security link with a standardized hash algorithm. The new design utilizes only the LPS or ρ component of Whirlpool in flexibly domain-separated BLNK Sponge mode. The number of rounds is increased from 10 to 12 as a countermeasure against Rebound Distinguishing attacks. The 8 ×8 - bit S-Box used by Whirlpool and WHIRLBOB is constructed from 4 ×4 - bit “MiniBoxes”. We report on fast constant-time Intel SSSE3 and ARM NEON SIMD WHIRLBOB implementations that keep full miniboxes in registers and access them via SIMD shuffles. This is an efficient countermeasure against AES-style cache timing side-channel attacks. Another main advantage of WHIRLBOB over STRIBOBr1 (and most other AEADs) is its greatly reduced implementation footprint on lightweight platforms. On many lower-end microcontrollers the total software footprint of π+BLNK = WHIRLBOB AEAD is less than half a kilobyte. We also report an FPGA implementation that requires 4,946 logic units for a single round of WHIRLBOB, which compares favorably to 7,972 required for Keccak / Keyak on the same target platform. The relatively small S-Box gate count also enables efficient 64-bit bitsliced straight-line implementations. We finally present some discussion and analysis on the relationships between WHIRLBOB, Whirlpool, the Russian GOST Streebog hash, and the recent draft Russian Encryption Standard Kuznyechik.
Original languageEnglish
Title of host publicationSecure IT Systems: 20th Nordic Conference, NordSec 2015, Stockholm, Sweden, October 19–21, 2015, Proceedings
EditorsSonja Buchegger, Mads Dam
PublisherSpringer International Publishing Switzerland
Number of pages17
ISBN (Electronic)9783319265025
ISBN (Print)9783319265018
Publication statusPublished - Oct 2015
EventNordSec 2015 - Stockholm, Sweden
Duration: 19 Oct 201521 Oct 2015

Publication series

NameLecture Notes in Computer Science
PublisherSpringer International Publishing
ISSN (Print)0302-9743


ConferenceNordSec 2015


  • Authenticated encryption
  • Sponge designs
  • Timing attacks
  • Whirlpool
  • Streebog
  • CAESAR competition


Dive into the research topics of 'WHIRLBOB, the Whirlpool Based Variant of STRIBOB: Lighter, Faster, and Constant Time'. Together they form a unique fingerprint.

Cite this