Practical-Time Related-Key Attack on GOST with Secret S-Boxes

Orr Dunkelman, Nathan Keller, Ariel Weizmann

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1 Scopus citations

Abstract

The block cipher GOST 28147-89 was the Russian Federation encryption standard for over 20 years, and is still one of its two standard block ciphers. GOST is a 32-round Feistel construction, whose security benefits from the fact that the S-boxes used in the design are kept secret. In the last 10 years, several attacks on the full 32-round GOST were presented. However, they all assume that the S-boxes are known. When the S-boxes are secret, all published attacks either target a small number of rounds, or apply for small sets of weak keys. In this paper we present the first practical-time attack on GOST with secret S-boxes. The attack works in the related-key model and is faster than all previous attacks in this model which assume that the S-boxes are known. The complexity of the attack is less than 227 encryptions. It was fully verified, and runs in a few seconds on a PC. The attack is based on a novel type of related-key differentials of GOST, inspired by local collisions. Our new technique may be applicable to certain GOST-based hash functions as well. To demonstrate this, we show how to find a collision on a Davies-Meyer construction based on GOST with an arbitrary initial value, in less than 210 hash function evaluations.

Original languageEnglish
Title of host publicationAdvances in Cryptology – CRYPTO 2023 - 43rd Annual International Cryptology Conference, CRYPTO 2023, Proceedings
EditorsHelena Handschuh, Anna Lysyanskaya
PublisherSpringer Science and Business Media Deutschland GmbH
Pages177-208
Number of pages32
ISBN (Print)9783031385476
DOIs
StatePublished - 2023
EventAdvances in Cryptology – CRYPTO 2023 - 43rd Annual International Cryptology Conference, CRYPTO 2023, Proceedings - Santa Barbara, United States
Duration: 20 Aug 202324 Aug 2023

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume14083 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

ConferenceAdvances in Cryptology – CRYPTO 2023 - 43rd Annual International Cryptology Conference, CRYPTO 2023, Proceedings
Country/TerritoryUnited States
CitySanta Barbara
Period20/08/2324/08/23

Bibliographical note

Publisher Copyright:
© 2023, International Association for Cryptologic Research.

Funding

O. Dunkelman—Supported in part by the Center for Cyber, Law, and Policy in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office and by the Israeli Science Foundation through grants No. 880/18 and 3380/19. N. Keller and A. Weizmann—Supported by the European Research Council under the ERC starting grant agreement n. 757731 (LightCrypt) and by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office. A. Weizmann—Supported by the President Scholarship for Ph.D. students at the Bar-Ilan University.

FundersFunder number
European Commission757731
Bar-Ilan University
Israel Science Foundation880/18, 3380/19

    Keywords

    • GOST
    • Local collision
    • Related-key differential cryptanalysis

    Fingerprint

    Dive into the research topics of 'Practical-Time Related-Key Attack on GOST with Secret S-Boxes'. Together they form a unique fingerprint.

    Cite this