@inbook{56aa2c4f86f0464e8e422c764dc0180a,
title = "WHIRLBOB, the Whirlpool Based Variant of STRIBOB: Lighter, Faster, and Constant Time",
abstract = "WHIRLBOB, also known as STRIBOBr2, is an AEAD (Authenticated Encryption with Associated Data) algorithm derived from STRIBOBr1 and the Whirlpool hash algorithm. WHIRLBOB/STRIBOBr2 is a second round candidate in the CAESAR competition. As with STRIBOBr1, the reduced-size Sponge design has a strong provable security link with a standardized hash algorithm. The new design utilizes only the LPS or ρ component of Whirlpool in flexibly domain-separated BLNK Sponge mode. The number of rounds is increased from 10 to 12 as a countermeasure against Rebound Distinguishing attacks. The 8 ×8 - bit S-Box used by Whirlpool and WHIRLBOB is constructed from 4 ×4 - bit “MiniBoxes”. We report on fast constant-time Intel SSSE3 and ARM NEON SIMD WHIRLBOB implementations that keep full miniboxes in registers and access them via SIMD shuffles. This is an efficient countermeasure against AES-style cache timing side-channel attacks. Another main advantage of WHIRLBOB over STRIBOBr1 (and most other AEADs) is its greatly reduced implementation footprint on lightweight platforms. On many lower-end microcontrollers the total software footprint of π+BLNK = WHIRLBOB AEAD is less than half a kilobyte. We also report an FPGA implementation that requires 4,946 logic units for a single round of WHIRLBOB, which compares favorably to 7,972 required for Keccak / Keyak on the same target platform. The relatively small S-Box gate count also enables efficient 64-bit bitsliced straight-line implementations. We finally present some discussion and analysis on the relationships between WHIRLBOB, Whirlpool, the Russian GOST Streebog hash, and the recent draft Russian Encryption Standard Kuznyechik.",
keywords = "WHIRLBOB, STRIBOBr1, Authenticated encryption, Sponge designs, Timing attacks, Whirlpool, Streebog, CAESAR competition",
author = "Saarinen, {Markku-Juhanin O.} and Brumley, {Billy Bob}",
year = "2015",
month = oct,
doi = "10.1007/978-3-319-26502-5_8",
language = "English",
isbn = "9783319265018",
series = "Lecture Notes in Computer Science",
publisher = "Springer International Publishing Switzerland",
pages = "106--122",
editor = "Sonja Buchegger and Mads Dam",
booktitle = "Secure IT Systems: 20th Nordic Conference, NordSec 2015, Stockholm, Sweden, October 19–21, 2015, Proceedings",
note = "NordSec 2015 ; Conference date: 19-10-2015 Through 21-10-2015",
}