Security Evaluation of GOST 28147-89 in View of International Standardisation

Author

  • Nicolas Courtois
Abstract

GOST 28147-89 is a well-known 256-bit block cipher which is a plausible alternative for AES-256 and triple DES, which however has a much lower implementation cost, see [31]. GOST is implemented in standard crypto libraries such as OpenSSL and Crypto++ [25, 45], and is increasingly popular and used also outside its country of origin and on the Internet [23, 24, 31]. In 2010 GOST was submitted to ISO 18033, to become a worldwide industrial encryption standard. Until 2011 researchers unanimously agreed that GOST could or should be very secure, which was summarized in 2010 in these words: “despite considerable cryptanalytic efforts spent in the past 20 years, GOST is still not broken”, see [31]. Unhappily, it was recently discovered that GOST can be broken and is a deeply flawed cipher. There is a very considerable amount of recent, not yet published work on cryptanalysis of GOST known to us, see [12]. One simple attack was already presented in February at FSE 2011, see [28]. In this short paper we describe another attack, to illustrate the fact that there are now attacks on GOST which require much less memory, and don’t even require the reflection property [29] to hold, without which the recent attack from [28] wouldn’t work. We are also aware of many substantially faster attacks and of numerous special even weaker cases, see [12]. These will be published in appropriate peer-reviewed cryptography conferences but we must warn the ISO committees right now. More generally, our ambition is to do more than just to point out that a major encryption standard is flawed. We would like to present and suggest a new general paradigm for effective symmetric cryptanalysis of so-called “Algebraic Complexity Reduction” which in our opinion is going to structure and stimulate substantial amounts of academic research on symmetric cryptanalysis for many years to come.
In this paper we will explain the main ideas behind it and explain also the precise concept of “Black-box Algebraic Complexity Reduction”. This new paradigm builds on many already known attacks on symmetric ciphers, such as fixed point, slide, involution, cycling and other self-similarity attacks, but the exact attacks we obtain could never be developed previously, because only in the last 5 years has it become possible to show the existence of an appropriate last step for many such attacks, which is a low data complexity software algebraic attack. This methodology leads to a large number of new attacks on GOST [12], way more complex, better and more efficient than in [28]. One example of such an attack is given in the

Similar resources

New Fixed Point Attacks on GOST2 Block Cipher

The GOST block cipher was designed in the 1970s and published in 1989 as the Soviet and Russian standard GOST 28147-89. In order to enhance the security of the GOST block cipher after various attacks on it were proposed, the designers published a modified version of GOST, namely GOST2, in 2015, which has a new key schedule and an explicit choice of S-boxes. In this paper, by using three exactly identical portions of ...

Draft Vladimir Popov, CRYPTO-PRO Igor Kurepkin, CRYPTO-PRO

This document describes the cryptographic algorithms and parameters supplementary to the original GOST specifications GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001 and GOST R 34.11-94 for use in internet applications. Table of

Draft Vladimir Popov, CRYPTO-PRO Igor

This document describes the cryptographic algorithms and parameters supplementary to the original GOST specifications GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001 and GOST R 34.11-94 for use in Internet applications. Table of

New Linear Attacks on Block Cipher GOST

Defined in the standard GOST 28147-89, GOST is a Soviet and Russian government standard symmetric-key block cipher. GOST has a 64-bit block size and a key length of 256 bits. It is a Feistel network of 32 rounds. In 2010, GOST was submitted to ISO 18033 to become a worldwide industrial encryption standard. GOST 28147-89 has also been published as informational RFC 5830 with IETF. In this pape...

STRIBOB: Authenticated Encryption from GOST R 34.11-2012 LPS Permutation

Authenticated encryption algorithms protect both the confidentiality and integrity of messages in a single processing pass. In this note we show how to utilize the L◦P◦S transform of the Russian GOST R 34.11-2012 standard hash “Streebog” to build an efficient, lightweight algorithm for Authenticated Encryption with Associated Data (AEAD) via the Sponge construction and BLNK padding. The propos...

Journal title:
  • Cryptologia

Volume 36  Issue 

Pages  -

Publication date 2011