256 Bit Standardized Crypto for 650 GE - GOST Revisited

The former Soviet encryption algorithm GOST 28147-89 has been standardized by the Russian standardization agency in 1989 and extensive security analysis has been done since. So far no weaknesses have been found and GOST is currently under discussion for ISO standardization. Contrary to the cryptographic properties, there has not been much interest in the implementation properties of GOST, though its Feistel structure and the operations of its round function are well-suited for hardware implementations. Our post-synthesis figures for an ASIC implementation of GOST with a key-length of 256 bits require only 800 GE, which makes this implementation well suitable for low-cost passive RFID-tags. As a further optimization, using one carefully selected S-box instead of 8 different ones -which is still fully compliant with the standard specifications!- the area requirement can be reduced to 651 GE.

[1]  Mark Weiser,et al.  The computer for the 21st Century , 1991, IEEE Pervasive Computing.

[2]  Seokhie Hong,et al.  Related Key Differential Attacks on 27 Rounds of XTEA and Full-Round GOST , 2004, FSE.

[3]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[4]  Jean-Jacques Quisquater,et al.  ASIC Implementations of the Block Cipher SEA for Constrained Applications , 2007 .

[5]  Panu Hämäläinen,et al.  Design and Implementation of Low-Area and Low-Power AES Encryption Hardware Core , 2006, 9th EUROMICRO Conference on Digital System Design (DSD'06).

[6]  Phong Q. Nguyen Progress in Cryptology - VIETCRYPT 2006 , 2007 .

[7]  Ingrid Verbauwhede,et al.  Cryptographic Hardware and Embedded Systems - CHES 2007, 9th International Workshop, Vienna, Austria, September 10-13, 2007, Proceedings , 2007, CHES.

[8]  Toshinobu Kaneko,et al.  Differential Cryptanalysis of Reduced Rounds of GOST , 2000, Selected Areas in Cryptography.

[9]  Eli Biham,et al.  Improved Slide Attacks , 2007, FSE.

[10]  Vincent Rijmen,et al.  Progress in Cryptology - INDOCRYPT 2008, 9th International Conference on Cryptology in India, Kharagpur, India, December 14-17, 2008. Proceedings , 2008, INDOCRYPT.

[11]  James H. Aylor,et al.  Computer for the 21st Century , 1999, Computer.

[12]  Jianzhong Li,et al.  Modified S-box to Archive Accelerated GOST , 2007 .

[13]  Jean-Louis Lanet,et al.  Smart Card Research and Advanced Application, 9th IFIP WG 8.8/11.2 International Conference, CARDIS 2010, Passau, Germany, April 14-16, 2010. Proceedings , 2010, CARDIS.

[14]  Alfredo De Santis,et al.  Advances in Cryptology — EUROCRYPT'94 , 1994, Lecture Notes in Computer Science.

[15]  Christophe De Cannière,et al.  KATAN and KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers , 2009, CHES.

[16]  Vincent Rijmen,et al.  AES implementation on a grain of sand , 2005 .

[17]  Josef Pieprzyk,et al.  Comments on Soviet Encryption Algorithm , 1994, EUROCRYPT.

[18]  Christof Paar,et al.  Ultra-Lightweight Implementations for Smart Devices - Security for 1000 Gate Equivalents , 2008, CARDIS.

[19]  Gregor Leander,et al.  On the Classification of 4 Bit S-Boxes , 2007, WAIFI.

[20]  Matthew J. B. Robshaw,et al.  Searching for Compact Algorithms: cgen , 2006, VIETCRYPT.

[21]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[22]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .

[23]  Jongsung Kim,et al.  HIGHT: A New Block Cipher Suitable for Low-Resource Device , 2006, CHES.

[24]  Christophe Clavier,et al.  Cryptographic Hardware and Embedded Systems - CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6-9, 2009, Proceedings , 2009, CHES.

[25]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[26]  Orhun Kara,et al.  Reflection Cryptanalysis of Some Ciphers , 2008, INDOCRYPT.

[27]  T. Good,et al.  Hardware results for selected stream cipher candidates , 2007 .

[28]  Mitsuru Matsui,et al.  Cryptographic Hardware and Embedded Systems - CHES 2006, 8th International Workshop, Yokohama, Japan, October 10-13, 2006, Proceedings , 2006, CHES.

[29]  Chae Hoon Lim,et al.  mCrypton - A Lightweight Block Cipher for Security of Low-Cost RFID Tags and Sensors , 2005, WISA.

[30]  Chris Charnes,et al.  Further Comments on the Soviet Encryption Algorithm , 1994 .

[31]  C. Small Arithmetic of Finite Fields , 1991 .

[32]  Christof Paar,et al.  New Lightweight DES Variants , 2007, FSE.