A Single-Key Attack on the Full GOST Block Cipher

The GOST block cipher is the Russian encryption standard published in 1989. In spite of considerable cryptanalytic efforts over the past 20 years, a key recovery attack on the full GOST block cipher without any key conditions (e.g., weak keys and related keys) has not been published yet. In this paper, we show a first single-key attack, which works for all key classes, on the full GOST block cipher. To construct the attack, we develop a new attack framework called Reflection-Meet-inthe-Middle Attack. This approach combines techniques of the reflection attack and the meet-in-the-middle attack. We apply it to the GOST block cipher with further novel techniques which are the effective MITM techniques using equivalent keys on short rounds. As a result, a key can be recovered with 2225 computations and 232 known plaintexts.

[1]  Kyoji Shibutani,et al.  Piccolo: An Ultra-Lightweight Blockcipher , 2011, CHES.

[2]  Eli Biham,et al.  A Practical Attack on KeeLoq , 2008, Journal of Cryptology.

[3]  Hüseyin Demirci,et al.  Improved Meet-in-the-Middle Attacks on AES , 2009, INDOCRYPT.

[4]  Bruce Schneier,et al.  Applied cryptography (2nd ed.): protocols, algorithms, and source code in C , 1995 .

[5]  Orhun Kara,et al.  A New Class of Weak Keys for Blowfish , 2007, FSE.

[6]  Ali Aydin Selçuk,et al.  A Meet-in-the-Middle Attack on 8-Round AES , 2008, FSE.

[7]  Bruce Schneier,et al.  Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish) , 1993, FSE.

[8]  Eli Biham,et al.  A Practical Attack on KeeLoq , 2008, EUROCRYPT.

[9]  Orhun Kara,et al.  Reflection Cryptanalysis of Some Ciphers , 2008, INDOCRYPT.

[10]  Florian Mendel,et al.  A (Second) Preimage Attack on the GOST Hash Function , 2008, FSE.

[11]  D. Chaum,et al.  Cryptanalysis of DES with a reduced number of rounds , 1986, CRYPTO 1986.

[12]  Thomas Peyrin,et al.  The LED Block Cipher , 2011, IACR Cryptol. ePrint Arch..

[13]  Toshinobu Kaneko,et al.  Differential Cryptanalysis of Reduced Rounds of GOST , 2000, Selected Areas in Cryptography.

[14]  Huaxiong Wang,et al.  256 Bit Standardized Crypto for 650 GE - GOST Revisited , 2010, CHES.

[15]  Eli Biham,et al.  Improved Slide Attacks , 2007, FSE.

[16]  Christophe De Cannière,et al.  KATAN and KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers , 2009, CHES.

[17]  Whitfield Diffie,et al.  Special Feature Exhaustive Cryptanalysis of the NBS Data Encryption Standard , 1977, Computer.

[18]  Yu Sasaki,et al.  Preimage Attacks on One-Block MD4, 63-Step MD5 and More , 2009, Selected Areas in Cryptography.

[19]  Yu Sasaki,et al.  Finding Preimages in Full MD5 Faster Than Exhaustive Search , 2009, EUROCRYPT.

[20]  Alex Biryukov,et al.  Slide Attacks , 1999, FSE.

[21]  Bart Preneel,et al.  Improved Meet-in-the-Middle Attacks on Reduced-Round DES , 2007, INDOCRYPT.

[22]  Adi Shamir,et al.  Improved Single-Key Attacks on 8-Round AES-192 and AES-256 , 2010, Journal of Cryptology.

[23]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[24]  Alex Biryukov,et al.  Advanced Slide Attacks , 2000, EUROCRYPT.

[25]  Vladimir Rudskoy On zero practical significance of "Key recovery attack on full GOST block cipher with zero time and memory" , 2010, IACR Cryptol. ePrint Arch..

[26]  Florian Mendel,et al.  Cryptanalysis of the GOST Hash Function , 2008, CRYPTO.

[27]  Andrey Bogdanov,et al.  A 3-Subset Meet-in-the-Middle Attack: Cryptanalysis of the Lightweight Block Cipher KTANTAN , 2010, IACR Cryptol. ePrint Arch..

[28]  David Chaum,et al.  Crytanalysis of DES with a Reduced Number of Rounds: Sequences of Linear Factors in Block Ciphers , 1985, CRYPTO.

[29]  Seokhie Hong,et al.  Related Key Differential Attacks on 27 Rounds of XTEA and Full-Round GOST , 2004, FSE.