On the extension and security of key schedule of GOST

Abstract

A type of simple key schedule especially suitable for lightweight block ciphers is defined as straightforward key schedule in this study. As a typical example, GOST-type key schedule, which is an extension of the key schedules of Russian Standard GOST and its newly modified version GOST2, is introduced and classified. GOST2 is designed based on the GOST encryption structure with different but the same type of key schedule to overcome the weakness of GOST against self-similarity properties-based attacks. However, it has been shown in Fast Software Encryption 2017, the simple change in the key schedule is insufficient to offer 256-bit security. By constructing an evaluation framework combining self-similarity properties and meet-in-the-middle attack, properties of GOST-type key schedules are evaluated, and candidate key schedules are provided in this work. These candidate key schedules are able to provide much better security for GOST and GOST2 ciphers than their original key schedules, and the pre-existing self-similarity properties-based attacks of full round GOST and GOST2 can be avoided. The designers of GOST and GOST2 should have been more cautious choosing the parameters of key schedules. The evaluation framework proposed can be used for reference in the design of other Feistel ciphers with straightforward key schedules.