Abstract
GOST 28147 is a 256-bit key 64-bit block cipher developed by the USSR, later adopted by the Russian government as a national standard. In 2010, GOST was suggested to be included in ISO/IEC 18033-3, but was rejected due to weaknesses found in its key schedule. In 2015, a new version of GOST was suggested with the purpose of mitigating such attacks. In this paper, we show that similar weaknesses exist in the new version as well. More specifically, we present a fixed-point attack on the full cipher with time complexity of 2237 encryptions. We also present a reflection attack with time complexity of 2192 for a key that is chosen from a class of 2224 weak keys. Finally, we discuss an impossible reflection attack which improves on exhaustive search by a factor of 2e, and several possible related-key attacks.
Highlights
GOST [Rus89] is a block cipher designed during the 1970’s by the Soviet Union as an alternative to the American DES [US 99]
We showed that the proposed fixes are insufficient in resisting these attacks, which rely on the key schedule, and that they can be adapted to the new version
We presented a reflection attack for a weak-key class of 2224 keys using 2192 full GOST2 encryptions, 232 known plaintexts, and 268.58 bytes of memory
Summary
GOST [Rus89] is a block cipher designed during the 1970’s by the Soviet Union as an alternative to the American DES [US 99]. In 2015, the Russian Technical Committee for Standardization (TC 26) added a new block cipher with a 128-bit block and a 256-bit key to the standard under the name Kuznyechik (Russian for Grasshopper) [Fed15] This cipher was later published in RFC7801, and was recently suggested to be included in ISO/IEC 18033-3. The modified version differs from the original GOST in two aspects: (i) it has a different key schedule, designed to avoid previous attacks and, (ii) it makes an explicit choice for the S-boxes. We refer to this version in the sequel as GOST2.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
