Abstract
GOST 28147-89 is a well-known block cipher and the official encryption standard of the Russian Federation. It is a 256-bit block cipher considered as an alternative to AES-256 and triple DES, with an amazingly low implementation cost, and it is thus increasingly popular and used [12,15,13,20]. Until 2010 researchers wrote that “despite considerable cryptanalytic efforts spent in the past 20 years, GOST is still not broken”, see [15], and in 2010 it was submitted to ISO 18033 to become a worldwide industrial encryption standard. In 2011 it was suddenly discovered that GOST is insecure on more than one account. There is a variety of recent attacks on GOST [3,7]: reflection attacks [14,7], attacks with double reflection [7], and various attacks which do not use reflections [7,3]. The final key recovery step in these attacks is in most cases a software algebraic attack [7,3] and sometimes a Meet-In-The-Middle attack [14,7].
In this paper we show that GOST is NOT SECURE even against (advanced forms of) differential cryptanalysis (DC). Previously, Russian researchers postulated that GOST would be secure against DC with as few as 7 rounds out of 32 [9,19], and Japanese researchers were already able to break about 13 rounds [18]. In this paper we show the first advanced differential attack faster than brute force on full 32-round GOST.
This work was supported by Polish Ministry of Science and Higher Education under research project Nr O R00 0111 12 and by the European Commission under the FP7 project number 242497 Resilient Infrastructure and Building Security (RIBS).
References
Biham, E., Furman, V., Misztal, M., Rijmen, V.: Differential Cryptanalysis of Q. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 174–186. Springer, Heidelberg (2002)
Biham, E., Shamir, A.: Differential Cryptanalysis of the Full 16-Round DES. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 487–496. Springer, Heidelberg (1993)
Courtois, N.T.: Security Evaluation of GOST 28147-89 In View Of International Standardisation, document officially submitted to ISO in May 2011. In: Cryptology ePrint Archive, Report 2011/211, May 1 (2011), http://eprint.iacr.org/2011/211/
Courtois, N.T., Misztal, M.: Differential Cryptanalysis of GOST. In: Cryptology ePrint Archive, Report 2011/312, June 14 (2011), http://eprint.iacr.org/2011/312
Courtois, N.T., Misztal, M.: Aggregated Differentials and Cryptanalysis of PP-1 and GOST. In: 11th Central European Conference on Cryptology, Post-proceedings Expected to Appear in Periodica Mathematica Hungarica
Courtois, N.T.: General Principles of Algebraic Attacks and New Design Criteria for Cipher Components. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES 2005. LNCS, vol. 3373, pp. 67–83. Springer, Heidelberg (2005)
Courtois, N.T.: Algebraic Complexity Reduction and Cryptanalysis of GOST. Preprint, submitted to Crypto 2011, later split in several papers, a short and basic version exactly as submitted to Asiacrypt (2011), http://www.nicolascourtois.com/papers/gostac11.pdf
Furuya, S.: Slide Attacks with a Known-Plaintext Cryptanalysis. In: Kim, K.-c. (ed.) ICICS 2001. LNCS, vol. 2288, pp. 214–225. Springer, Heidelberg (2002)
Shorin, V.V., Jelezniakov, V.V., Gabidulin, E.M.: Linear and Differential Cryptanalysis of Russian GOST. Preprint submitted to Elsevier Preprint, April 4 (2001)
Zabotin, I.A., Glazkov, G.P., Isaeva, V.B.: Cryptographic Protection for Information Processing Systems, Government Standard of the USSR, GOST 28147-89, Government Committee of the USSR for Standards (1989) (in Russian; translated to English in [11])
An English translation of [10] by Aleksandr Malchik, with an English Preface co-written with Whitfield Diffie, can be found at http://www.autochthonous.org/crypto/gosthash.tar.gz
Dolmatov, V. (ed.): RFC 5830: GOST 28147-89 encryption, decryption and MAC algorithms, IETF (March 2010) ISSN: 2070-1721, http://tools.ietf.org/html/rfc5830
A Russian reference implementation of GOST, implementing Russian algorithms as an extension of TLS v1.0, is available as a part of the OpenSSL library. The file gost89.c contains eight different sets of S-boxes and is found in OpenSSL 0.9.8 and later, http://www.openssl.org/source/
Isobe, T.: A Single-Key Attack on the Full GOST Block Cipher. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 290–305. Springer, Heidelberg (2011)
Poschmann, A., Ling, S., Wang, H.: 256 Bit Standardized Crypto for 650 GE – GOST Revisited. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 219–233. Springer, Heidelberg (2010)
Charnes, C., O’Connor, L., Pieprzyk, J., Safavi-Naini, R., Zheng, Y.: Comments on Soviet Encryption Algorithm. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 433–438. Springer, Heidelberg (1995)
Saarinen, M.-J.: A chosen key attack against the secret S-boxes of GOST (1998) (unpublished manuscript)
Seki, H., Kaneko, T.: Differential Cryptanalysis of Reduced Rounds of GOST. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 315–323. Springer, Heidelberg (2001)
Schneier, B.: Section 14.1 GOST. In: Applied Cryptography, 2nd edn. John Wiley and Sons (1996) ISBN 0-471-11709-9
Dai, W.: Crypto++, a public domain library containing a reference C++ implementation of GOST and test vectors, http://www.cryptopp.com
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Courtois, N.T., Misztal, M. (2011). First Differential Attack on Full 32-Round GOST. In: Qing, S., Susilo, W., Wang, G., Liu, D. (eds) Information and Communications Security. ICICS 2011. Lecture Notes in Computer Science, vol 7043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25243-3_18
DOI: https://doi.org/10.1007/978-3-642-25243-3_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25242-6
Online ISBN: 978-3-642-25243-3