Annual International Cryptology Conference

CRYPTO 2008: Advances in Cryptology – CRYPTO 2008 pp 162-178

Cryptanalysis of the GOST Hash Function

  • Florian Mendel
  • Norbert Pramstaller
  • Christian Rechberger
  • Marcin Kontak
  • Janusz Szmidt
Conference paper

DOI: 10.1007/978-3-540-85174-5_10

Volume 5157 of the book series Lecture Notes in Computer Science (LNCS)

Abstract

In this article, we analyze the security of the GOST hash function. The GOST hash function, defined in the Russian standard GOST 34.11-94, is an iterated hash function producing a 256-bit hash value. As opposed to most commonly used hash functions such as MD5 and SHA-1, the GOST hash function defines, in addition to the common iterative structure, a checksum computed over all input message blocks. This checksum is then part of the final hash value computation.

As a result of our security analysis of the GOST hash function, we present the first collision attack with a complexity of about 2105 evaluations of the compression function. Furthermore, we are able to significantly improve upon the results of Mendel et al. with respect to preimage and second preimage attacks. Our improved attacks have a complexity of about 2192 evaluations of the compression function.

Keywords

cryptanalysishash functioncollision attacksecond preimage attackpreimage attack
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Florian Mendel
    • 1
  • Norbert Pramstaller
    • 1
  • Christian Rechberger
    • 1
  • Marcin Kontak
    • 2
  • Janusz Szmidt
    • 2
  1. 1.Institute for Applied Information Processing and Communications (IAIK)Graz University of TechnologyGrazAustria
  2. 2.Institute of Mathematics and Cryptology, Faculty of CyberneticsMilitary University of TechnologyWarsawPoland