Improved attacks against reduced-round Whirlwind

The Whirlwind hash function was proposed by Barreto et al. (Des Codes Cryptogr 56(2–3):141–162, 2010, https://doi.org/10.1007/s10623-010-9391-y ). In this paper, we focus on preimage and collision attacks on reduced-round Whirlwind. With the help of MILP models, a 7-round pseudo-preimage attack is presented. Then we revisit the framework of Ma et al. and successfully improve the preimage attack on 4-round Whirlwind with time complexity reduced from 2^497 to 2^417 . Meanwhile, by using quantum algorithms, we find a quantum collision attack on 5-round Whirlwind, which improves running time from 2^190.5 to 2^127.15 comparing to standard BHT algorithm while using the same amount of quantum memory. Also, semi-free-start collision of Whirlwind compression function is improved from 6 round to 7 round, while keeping complexity unchanged.