Integral distinguishers for reduced-round Stribog

Abstract In January 2013, the Stribog hash function officially replaced GOST R 34.11-94 as the new Russian cryptographic hash standard GOST R 34.11-2012. In this paper we investigate the structural integral properties of reduced-round versions of the Stribog compression function and its internal permutation. Specifically, we present forward and backward higher order integrals that can be used to distinguish 4 and 3.5 rounds, respectively. Using the start from the middle approach, we combine the two proposed integrals to get 6.5-round and 7.5-round distinguishers for the internal permutation and 6-round and 7-round distinguishers for the compression function.

[1]  Amr M. Youssef,et al.  Rebound Attacks on Stribog , 2013, ICISC.

[2]  Florian Mendel,et al.  The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl , 2009, FSE.

[3]  Florian Mendel,et al.  Cryptanalysis of the GOST Hash Function , 2008, CRYPTO.

[4]  David A. Wagner,et al.  The Boomerang Attack , 1999, FSE.

[5]  Vincent Rijmen,et al.  The Block Cipher Square , 1997, FSE.

[6]  David A. Wagner,et al.  A Generalized Birthday Problem , 2002, CRYPTO.

[7]  Oleksandr Kazymyrov,et al.  Algebraic Aspects of the Russian Hash Standard GOST R 34.11-2012 , 2013, IACR Cryptol. ePrint Arch..

[8]  Marine Minier,et al.  Integral Distinguishers of Some SHA-3 Candidates , 2010, CANS.

[9]  Marine Minier,et al.  Distinguishers for Ciphers and Known Key Attack against Rijndael with Large Blocks , 2009, AFRICACRYPT.

[10]  Florian Mendel,et al.  A (Second) Preimage Attack on the GOST Hash Function , 2008, FSE.

[11]  David A. Wagner,et al.  Integral Cryptanalysis , 2002, FSE.

[12]  Anne Canteaut,et al.  A Unified Indifferentiability Proof for Permutation- or Block Cipher-Based Hash Functions , 2012, IACR Cryptol. ePrint Arch..

[13]  Xiaoyun Wang,et al.  How to Break MD5 and Other Hash Functions , 2005, EUROCRYPT.

[14]  Stefan Lucks The Saturation Attack - A Bait for Twofish , 2000, FSE.

[15]  Lars R. Knudsen,et al.  Truncated and Higher Order Differentials , 1994, FSE.

[16]  Marine Minier,et al.  An Integral Distinguisher on Grøstl-512 v3 , 2013, INDOCRYPT.

[17]  Xiaoyun Wang,et al.  Cryptanalysis of GOST R Hash Function , 2014, IACR Cryptol. ePrint Arch..

[18]  Yu Sasaki,et al.  Comprehensive Study of Integral Analysis on 22-Round LBlock , 2012, ICISC.

[19]  Lars R. Knudsen Non-random properties of reduced-round Whirlpool ⁄ NES/DOC/UIB/WP5/016/2 , 2002 .

[20]  John Kelsey,et al.  Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition , 2012 .

[21]  Xiaoyun Wang,et al.  Finding Collisions in the Full SHA-1 , 2005, CRYPTO.

[22]  Vincent Rijmen,et al.  Known-Key Distinguishers for Some Block Ciphers , 2007, ASIACRYPT.