Improved Attacks on Full GOST

GOST is a well-known block cipher which was developed in the Soviet Union during the 1970s as an alternative to the US-developed DES. In spite of considerable cryptanalytic effort, until very recently there were no published single-key attacks against its full 32-round version which were faster than the $2^{256}$ time complexity of exhaustive search. In February 2011, Isobe used the previously discovered reflection property in order to develop the first such attack, which requires $2^{32}$ data, $2^{64}$ memory and $2^{224}$ time. In this paper we introduce a new fixed point property and a better way to attack 8-round GOST in order to find improved attacks on full GOST: given $2^{32}$ data we can reduce the memory complexity from an impractical $2^{64}$ to a practical $2^{36}$ without changing the $2^{224}$ time complexity, and given $2^{64}$ data we can simultaneously reduce the time complexity to $2^{192}$ and the memory complexity to $2^{36}$.
