zbMATH — the first resource for mathematics

Rotational cryptanalysis of GOST with identical S-boxes. (English) Zbl 1345.94091
Summary: Rotational cryptanalysis was introduced by D. Khovratovich and I. Nikolić [FSE 2010, Lect. Notes Comput. Sci. 6147, 333–346 (2010; Zbl 1279.94092)] as a tool to analyse ARX-type cipher designs. GOST 28147-89 is a former Soviet Union cipher standard based on a Feistel construction with 32 rounds. Each round function adds the round key modulo \(2^{32}\), transforms the result with 4-to-4 bit S-boxes, and rotates the output. We apply rotational cryptanalysis to a version of GOST using eight identical S-boxes, such as GOST-PS. We show the existence of a (practical) rotational distinguisher in the related-key model for full GOST. Furthermore, there is a set of weak keys (rotationally symmetric keys) that enables rotational attacks in the single-key model as well. Finally, we show a simple attack on the last round that uses the rotational distinguisher to reduce the complexity of the full GOST to \(208\) bits.
94A60 Cryptography
[1] COURTOIS, N. T.: Security evaluation of GOST 28147-89 in view of international standardisation, Cryptologia 36 (2012) 2-13.
[2] COURTOIS, N. T.-MISZTAL, M.: Differential cryptanalysis of GOST, Cryptology ePrint Archive, Report 2011/312, 2011, http://eprint.iacr.org/.
[3] COURTOIS, N. T.: Algebraic Complexity reduction and cryptanalysis of GOST, Cryptology ePrint Archive, Report 2011/626, 2011, http://eprint.iacr.org/2011/626.
[4] DINUR, I.-DUNKELMAN, O.-SHAMIR, A.: Improved attacks on full GOST, in: Fast Software Encryption, LNCS Vol. 7549, Springer, Heidelberg, 2012, pp. 9-28. · Zbl 1282.94040
[5] DOLMATOV, V.: GOST 28147-89: Encryption, decryption, and message authentication code (MAC) algorithms, RFC 5830 (Informational), March 2010.
[6] ISOBE, T.: A single-key attack on the full GOST block cipher, in: Fast Software Encryption, LNCS Vol. 6733, Springer, Heidelberg, 2011, pp. 290-305. · Zbl 1307.94059
[7] KHOVRATOVICH, D.-NIKOLIĆ, I.: Rotational cryptanalysis of ARX, in: Fast Software Encryption 2010, LNCS Vol. 6147, Springer, Heidelberg, 2010, pp. 333-346. · Zbl 1279.94092
[8] KHOVRATOVICH, D.-NIKOLIĆ, I.-RECHBERGER, C.: Rotational rebound attacks on reduced Skein, in: Adv. in Cryptology-ASIACRYPT 2010, LNCS 6477, Springer, Heidelberg, 2010, pp. 1-19. · Zbl 1253.94055
[9] ONDROŠ, M.: ARX Ciphers, in: Master’s Thesis, Slovak University of Technology in Bratislava, 2013. (In Slovak)
[10] POPOV, V.-KUREPKIN, I.-LEONTIEV, S.: Additional Cryptographic Algorithms for Use with GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms, RFC 4357 (Informational), January 2006.
[11] POSCHMANN, A.-LING, S.-WANG, H.: 256 bit standardized crypto for 650 GE - GOST revisited, Cryptographic Hardware and Embedded Systems, CHES 2010, LNCS 6225, Springer, Heidelberg, 2010, pp. 219-233. · Zbl 1297.94098
[12] GOSUDARSTVENNYI STANDART SOJUZA SSR: Sistemy obrabotki informacii. Zashchita kryptograficheskaya, Algoritm kriptograficheskogo preobrazovaniya. Gosudarstvennyi Standart Soyuza SSR, GOST: 28147-89, IPK Izdatelstvo standartov, Moskva, 1989.
[13] ZAJAC, P.-ČAGALA, R.: Local reduction and the algebraic cryptanalysis of the block cipher GOST, Periodica Mathematica Hungarica 65 (2012), 239-255.
[14] ZANECHAL, M.: An algebraic approach to fix points of GOST-algorithm, Mathematica Slovaca 51 (2001), 583-591. · Zbl 1004.68065