Chapter

Cryptographic Hardware and Embedded Systems, CHES 2010

Volume 6225 of the series Lecture Notes in Computer Science pp 219-233

256 Bit Standardized Crypto for 650 GE – GOST Revisited

  • Axel PoschmannAffiliated withDivision of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University
  • , San LingAffiliated withDivision of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University
  • , Huaxiong WangAffiliated withDivision of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University

Abstract

The former Soviet encryption algorithm GOST 28147-89 has been standardized by the Russian standardization agency in 1989 and extensive security analysis has been done since. So far no weaknesses have been found and GOST is currently under discussion for ISO standardization. Contrary to the cryptographic properties, there has not been much interest in the implementation properties of GOST, though its Feistel structure and the operations of its round function are well-suited for hardware implementations. Our post-synthesis figures for an ASIC implementation of GOST with a key-length of 256 bits require only 800 GE, which makes this implementation well suitable for low-cost passive RFID-tags. As a further optimization, using one carefully selected S-box instead of 8 different ones -which is still fully compliant with the standard specifications!- the area requirement can be reduced to 651 GE.

Keywords

lightweight cryptography ASIC GOST