An Improved Differential Attack on Full GOST

GOST 28147-89 is a well-known block cipher. Its large key size of 256 bits and incredibly low implementation cost make it a plausible alternative for AES-256 and triple DES. Until 2010 "despite considerable cryptanalytic efforts spent in the past 20 years", GOST was not broken see [30]. Accordingly, in 2010 GOST was submitted to ISO 18033 to become a worldwide industrial encryption standard. In paper we focus on the question of how far one can go in a dedicated Depth-First-Search approach with several stages of progressive guessing and filtering with successive distinguishers. We want to design and optimized guess-then-truncated differential attack on full 32-bit GOST and make as efficient as we can.The main result of this paper is a single-key attack against full 32-round 256-bit GOST with time complexity of $$2^{179}$$ which is substantially faster than any other known single key attack on GOST.

[1]  Nicolas T. Courtois Cryptanalysis of Two GOST Variants with 128-Bit Keys , 2014, Cryptologia.

[2]  Alex Biryukov,et al.  Advanced Slide Attacks , 2000, EUROCRYPT.

[3]  Nicolas T. Courtois,et al.  Propagation of Truncated Differentials in GOST , 2013 .

[4]  N. Courtois,et al.  Contradiction Immunity and Guess-Then-Determine Attacks on Gost , 2012 .

[5]  Evgeniya Ishchukova,et al.  Differential analysis of GOST encryption algorithm , 2010, SIN.

[6]  D. Chaum,et al.  Di(cid:11)erential Cryptanalysis of the full 16-round DES , 1977 .

[7]  Don Coppersmith,et al.  The Data Encryption Standard (DES) and its strength against attacks , 1994, IBM J. Res. Dev..

[8]  Onur Koçak,et al.  Cryptographic Randomness Testing of Block Ciphers and Hash Functions , 2010, IACR Cryptol. ePrint Arch..

[9]  Gregory V. Bard,et al.  Algebraic Cryptanalysis of the Data Encryption Standard , 2007, IMACC.

[10]  Nicolas T. Courtois,et al.  Aggregated differentials and cryptanalysis of PP-1 and gost , 2012, Period. Math. Hung..

[11]  Adi Shamir,et al.  Improved Attacks on Full GOST , 2012, IACR Cryptol. ePrint Arch..

[12]  Nicolas Courtois,et al.  First Differential Attack on Full 32-Round GOST , 2011, ICICS.

[13]  Kaisa Nyberg,et al.  Differentially Uniform Mappings for Cryptography , 1994, EUROCRYPT.

[14]  Takanori Isobe A Single-Key Attack on the Full GOST Block Cipher , 2011, FSE.

[15]  Nicolas Courtois,et al.  Differential Cryptanalysis of GOST , 2011, IACR Cryptol. ePrint Arch..

[16]  A. N. Alekseychuk,et al.  Towards a Theory of Security Evaluation for GOST-like Ciphers against Differential and Linear Cryptanalysis , 2011, IACR Cryptol. ePrint Arch..

[17]  Lars R. Knudsen,et al.  Truncated and Higher Order Differentials , 1994, FSE.

[18]  Nicolas T. Courtois CRYPTANALYSIS OF GOST IN THE MULTIPLE-KEY SCENARIO , 2013 .

[19]  Eli Biham,et al.  Differential cryptanalysis of DES-like cryptosystems , 1990, Journal of Cryptology.

[20]  Theodosis Mourouzis,et al.  Advanced Truncated Differential Attacks Against GOST Block Cipher and Its Variants , 2015 .

[21]  Theodosis Mourouzis,et al.  Optimizations in algebraic and differential cryptanalysis , 2015 .

[22]  Gregor Leander,et al.  On the Classification of 4 Bit S-Boxes , 2007, WAIFI.

[23]  Nicolas Courtois On Multiple Symmetric Fixed Points in GOST , 2015, Cryptologia.

[24]  Nicolas Courtois,et al.  Security Evaluation of GOST 28147-89 in View of International Standardisation , 2012, Cryptologia.

[25]  Martin R. Albrecht,et al.  An All-In-One Approach to Differential Cryptanalysis for Small Block Ciphers , 2012, Selected Areas in Cryptography.

[26]  Orhun Kara,et al.  Fixed Points of Special Type and Cryptanalysis of Full GOST , 2012, CANS.

[27]  Jean-Jacques Quisquater,et al.  Can GOST Be Made Secure Against Differential Cryptanalysis? , 2015, Cryptologia.

[28]  Ernst M. Gabidulin,et al.  Linear and Differential Cryptanalysis of Russian GOST , 2001, Electron. Notes Discret. Math..

[29]  Theodosis Mourouzis,et al.  Enhanced truncated differential cryptanalysis of GOST , 2013, 2013 International Conference on Security and Cryptography (SECRYPT).

[30]  L. V. Kovalchuk Upper-bound estimation of the average probabilities of integer-valued differentials in the composition of key adder, substitution block, and shift operator , 2010 .

[31]  A. R. Crathorne The Law of Small Numbers , 1928, Numerology or What Pythagoras Wrought.

[32]  Toshinobu Kaneko,et al.  Differential Cryptanalysis of Reduced Rounds of GOST , 2000, Selected Areas in Cryptography.

[33]  Huaxiong Wang,et al.  256 Bit Standardized Crypto for 650 GE - GOST Revisited , 2010, CHES.

[34]  Theodosis Mourouzis,et al.  Advanced Differential Cryptanalysis and GOST Cipher , 2013 .

[35]  Nicolas Courtois Low-Complexity Key Recovery Attacks on GOST Block Cipher , 2013, Cryptologia.

[36]  Xuejia Lai,et al.  What is the Effective Key Length for a Block Cipher: an Attack on Every Block Cipher , 2012, IACR Cryptol. ePrint Arch..

[37]  Nicolas Courtois,et al.  The Best Differential Characteristics and Subtleties of the Biham-Shamir Attacks on DES , 2005, IACR Cryptol. ePrint Arch..

[38]  Ariel Heryanto,et al.  The Development of "Development" , 1988 .

[39]  Jean-Jacques Quisquater,et al.  On Optimal Size in Truncated Differential Attacks , 2015 .

[40]  L. V. Kovalchuk,et al.  Analysis of mixing properties of the operations of modular addition and bitwise addition defined on one carrier , 2011 .

[41]  Nicolas Courtois,et al.  Algebraic Complexity Reduction and Cryptanalysis of GOST , 2011, IACR Cryptol. ePrint Arch..