Impossible Differential Properties of Reduced Round Streebog

In this paper, we investigate the impossible differential properties of the underlying block cipher and compression function of the new cryptographic hashing standard of the Russian federation Streebog . Our differential trail is constructed in such a way that allows us to recover the key of the underlying block cipher by observing input and output pairs of the compression function which utilizes the block cipher in Miyaguchi-Preneel mode. We discuss the implication of this attack when utilizing Streebog to construct a MAC using the secret-IV construction. Moreover, we present two versions of the attack with different time-data trade-offs.

[1]  Orr Dunkelman,et al.  Attacks on Hash Functions Based on Generalized Feistel: Application to Reduced-Round Lesamnta and SHAvite-3512 , 2009, Selected Areas in Cryptography.

[2]  Bao Li,et al.  Improved Cryptanalysis on Reduced-Round GOST and Whirlpool Hash Function , 2014, ACNS.

[3]  Amr M. Youssef,et al.  Preimage Attacks on Reduced-Round Stribog , 2014, AFRICACRYPT.

[4]  Thomas Peyrin,et al.  The Usage of Counter Revisited: Second-Preimage Attack on New Russian Standardized Hash Function , 2014, Selected Areas in Cryptography.

[5]  Florian Mendel,et al.  Cryptanalysis of the GOST Hash Function , 2008, CRYPTO.

[6]  John Kelsey,et al.  Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition , 2012 .

[7]  Gaëtan Leurent Practical Key Recovery Attack against Secret-IV Edon- , 2010, CT-RSA.

[8]  Amr M. Youssef,et al.  Watch your constants: malicious Streebog , 2014, IET Inf. Secur..

[9]  Eli Biham,et al.  Cryptanalysis of reduced variants of RIJNDAEL , 2000 .

[10]  Bart Preneel,et al.  Key-Recovery Attacks on Universal Hash Function Based MAC Algorithms , 2008, CRYPTO.

[11]  Shuang Wu,et al.  Cryptanalysis of the Round-Reduced GOST Hash Function , 2013, Inscrypt.

[12]  Amr M. Youssef,et al.  Rebound Attacks on Stribog , 2013, ICISC.

[13]  Amr M. Youssef,et al.  Integral distinguishers for reduced-round Stribog , 2014, Inf. Process. Lett..

[14]  Vincent Rijmen,et al.  A New MAC Construction ALRED and a Specific Instance ALPHA-MAC , 2005, FSE.

[15]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[16]  Florian Mendel,et al.  A (Second) Preimage Attack on the GOST Hash Function , 2008, FSE.

[17]  V. A. Shishkin,et al.  Некоторые методы анализа функций хэширования и их применение к алгоритму ГОСТ Р 34.11-94 , 2012 .

[18]  Oleksandr Kazymyrov,et al.  Algebraic Aspects of the Russian Hash Standard GOST R 34.11-2012 , 2013, IACR Cryptol. ePrint Arch..

[19]  Gaëtan Leurent,et al.  Full Key-Recovery Attacks on HMAC/NMAC-MD4 and NMAC-MD5 , 2007, CRYPTO.

[20]  Itai Dinur,et al.  Improved Generic Attacks against Hash-Based MACs and HAIFA , 2014, CRYPTO.

[21]  Bart Preneel,et al.  On the Security of Iterated Message Authentication Codes , 1999, IEEE Trans. Inf. Theory.

[22]  王小云,et al.  Cryptanalysis of GOST R hash function , 2014 .

[23]  Guido Bertoni,et al.  Keccak sponge function family main document , 2009 .

[24]  Vincent Rijmen,et al.  The Pelican MAC Function , 2005, IACR Cryptol. ePrint Arch..

[25]  Amr M. Youssef,et al.  Differential Fault Analysis of Streebog , 2015, ISPEC.