Improved Attacks on Full GOST

  • Itai Dinur
  • Orr Dunkelman
  • Adi Shamir
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7549)


GOST is a well known block cipher which was developed in the Soviet Union during the 1970’s as an alternative to the US-developed DES. In spite of considerable cryptanalytic effort, until very recently there were no published single key attacks against its full 32-round version which were faster than the 2256 time complexity of exhaustive search. In February 2011, Isobe used the previously discovered reflection property in order to develop the first such attack, which requires 232 data, 264 memory and 2224 time. In this paper we introduce a new fixed point property and a better way to attack 8-round GOST in order to find improved attacks on full GOST: Given 232 data we can reduce the memory complexity from an impractical 264 to a practical 236 without changing the 2224 time complexity, and given 264 data we can simultaneously reduce the time complexity to 2192 and the memory complexity to 236.


Block cipher cryptanalysis GOST reflection property fixed point property 2D meet in the middle attack 


  1. 1.
    Biham, E., Dunkelman, O., Keller, N.: Improved Slide Attacks. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 153–166. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  2. 2.
    Chaum, D., Evertse, J.-H.: Cryptanalysis of DES with a Reduced Number of Rounds. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 192–211. Springer, Heidelberg (1986)Google Scholar
  3. 3.
    Courtois, N.T.: Algebraic Complexity Reduction and Cryptanalysis of GOST. Cryptology ePrint Archive, Report 2011/626 (2011),
  4. 4.
    Courtois, N.T.: Security Evaluation of GOST 28147-89 in View of International Standardisation. Cryptology ePrint Archive, Report 2011/211 (2011),
  5. 5.
    Courtois, N.T., Misztal, M.: Differential Cryptanalysis of GOST. Cryptology ePrint Archive, Report 2011/312 (2011),
  6. 6.
    Dinur, I., Dunkelman, O., Shamir, A.: Improved Attacks on Full GOST. Cryptology ePrint Archive, Report 2011/558 (2011),
  7. 7.
    Fleischmann, E., Gorski, M., Huehne, J.-H., Lucks, S.: Key Recovery Attack on full GOST Block Cipher with Negligible Time and Memory. Presented at Western European Workshop on Research in Cryptology (WEWoRC) (2009)Google Scholar
  8. 8.
    Isobe, T.: A Single-Key Attack on the Full GOST Block Cipher. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 290–305. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  9. 9.
    Kara, O.: Reflection Cryptanalysis of Some Ciphers. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 294–307. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  10. 10.
    Kelsey, J., Schneier, B., Wagner, D.: Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 237–251. Springer, Heidelberg (1996)Google Scholar
  11. 11.
    Ko, Y., Hong, S., Lee, W., Lee, S., Kang, J.-S.: Related Key Differential Attacks on 27 Rounds of XTEA and Full-Round GOST. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 299–316. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Mendel, F., Pramstaller, N., Rechberger, C.: A (Second) Preimage Attack on the GOST Hash Function. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 224–234. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  13. 13.
    Mendel, F., Pramstaller, N., Rechberger, C., Kontak, M., Szmidt, J.: Cryptanalysis of the GOST Hash Function. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 162–178. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  14. 14.
    National Bureau of Standards. Federal Information Processing Standard-Cryptographic Protection - Cryptographic Algorithm. GOST 28147-89 (1989)Google Scholar
  15. 15.
    OpenSSL. A Reference Implementation of GOST,
  16. 16.
    Rudskoy, V.: On Zero Practical Significance of Key Recovery Attack on Full GOST Block Cipher with Zero Time and Memory. Cryptology ePrint Archive, Report 2010/111 (2010),
  17. 17.
    Seki, H., Kaneko, T.: Differential Cryptanalysis of Reduced Rounds of GOST. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 315–323. Springer, Heidelberg (2001)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Itai Dinur
    • 1
  • Orr Dunkelman
    • 1
    • 2
  • Adi Shamir
    • 1
  1. 1.Computer Science DepartmentThe Weizmann InstituteRehovotIsrael
  2. 2.Computer Science DepartmentUniversity of HaifaIsrael

Personalised recommendations