Aggregated differentials and cryptanalysis of PP-1 and GOST

Periodica Mathematica Hungarica

Abstract

In this paper we look at the security of two block ciphers which were both claimed in the published literature to be secure against differential cryptanalysis (DC). However, a more careful examination shows that neither of these ciphers is very secure against... differential cryptanalysis, in particular if we consider attacks with sets of differentials. For both these ciphers we report new perfectly periodic (iterative) aggregated differential attacks which propagate with quite high probabilities.

The first cipher we look at is GOST, a well-known Russian government encryption standard. The second cipher we look at is PP-1, a very recent Polish block cipher. Both ciphers were designed to withstand linear and differential cryptanalysis. Unhappily, both ciphers are shown to be much weaker than expected against advanced differential attacks. For GOST, we report better and stronger sets of differentials than the best currently known attacks presented at SAC 2000 [32] and propose the first attack ever able to distinguish 16 rounds of GOST from a random permutation. For PP-1 we show that, in spite of the fact that its S-box has an optimal theoretical security level against differential cryptanalysis [17], [29], our differentials are strong enough to break all the known versions of the PP-1 cipher.

References

  1. Eli Biham, Vladimir Furman, Michal Misztal and Vincent Rijmen, Differential Cryptanalysis of Q, FSE 2002, LNCS 2355, Springer, 2002.

  2. A. Biryukov and D. Wagner, Slide attacks, Proceedings of FSE’99, LNCS 1636, Springer, 1999, 245–259.

  3. Alex Biryukov and David Wagner, Advanced slide attacks, Eurocrypt 2000, LNCS 1807, Springer, 2000, 589–606.

  4. Christophe De Cannière, GOST article, Encyclopedia of Cryptography and Security, 2005, 242–243.

  5. C. Charnes, L. O’Connor, J. Pieprzyk, R. Safavi-Naini and Y. Zheng, Further comments on GOST encryption algorithm, Preprint 94-9, Department of Computer Science, The University of Wollongong, 1994.

  6. C. Charnes, L. O’Connor, J. Pieprzyk, R. Safavi-Naini and Y. Zheng, Comments on Soviet encryption algorithm, Advances in Cryptology (Eurocrypt’94 Proceedings), LNCS 950 (ed. A. De Santis), Springer, 1995, 433–438.

  7. K. Chmiel, Differential and linear methods of cryptanalysis of block ciphers (in Polish), Habilitation dissertation, Poznan, 2009.

  8. K. Chmiel, A. Grocholewska-Czurylo and J. Stoklosa, Involutional block cipher for limited resources, IEEE GLOBECOM 2008, 2008, 1–5.

  9. Nicolas Courtois, General principles of algebraic attacks and new design criteria for components of symmetric ciphers, AES 4, LNCS 3373, Springer, 2005, 67–83.

  10. Nicolas Courtois, Algebraic complexity reduction and cryptanalysis of GOST, Cryptology ePrint Archive, Report 626, 2011, http://eprint.iacr.org/.

  11. Nicolas Courtois, Security evaluation of GOST 28147-89 in view of international standardisation, Cryptologia, 36 (2012), 2–13.

  12. Nicolas Courtois, An improved differential attack on full GOST, Cryptology ePrint Archive, Report 138, 2012, http://eprint.iacr.org/.

  13. Nicolas Courtois, Gregory V. Bard and David Wagner, Algebraic and slide attacks on KeeLoq, FSE 2008, LNCS 5086, Springer, 2008, 97–115.

  14. Nicolas Courtois and Michał Misztal, First differential attack on full 32-round GOST, ICICS’11, LNCS series, Springer, accepted.

  15. Nicolas Courtois and Michał Misztal, Differential cryptanalysis of GOST, Cryptology ePrint Archive, Report 312, 2011, http://eprint.iacr.org/.

  16. Nicolas Courtois and Josef Pieprzyk, Cryptanalysis of block ciphers with overdefined systems of equations, Asiacrypt 2002, LNCS 2501, Springer, 2002, 267–287.

  17. Joan Daemen and Vincent Rijmen, The Design of Rijndael, AES — The Advanced Encryption Standard, Springer, Berlin, 2002.

  18. Wei Dai, Crypto++, A public domain library, http://www.cryptopp.com.

  19. Ewan Fleischmann, Michael Gorski, Jan-Hendrik Huehne and Stefan Lucks, Key recovery attack on full GOST block cipher with zero time and memory, Published as ISO/IEC JTC 1/SC 27 N8229, 2009.

  20. Soichi Furuya, Slide attacks with a known-plaintext cryptanalysis, ICISC 2001, LNCS 2288, 2002, 11–50.

  21. Orhun Kara, Reflection cryptanalysis of some ciphers, Indocrypt 2008, LNCS 5365, 2008, 294–307.

  22. John Kelsey, Bruce Schneier and David Wagner, Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and triple-DES, Crypto’96, LNCS 1109, Springer, 1996.

  23. Lars R. Knudsen, Truncated and higher order differentials, Fast Software Encryption 1995, Lecture Notes in Computer Science 1008, Springer Verlag, Berlin, Heidelberg, New York, 1995, 196–211.

  24. Florian Mendel, Norbert Pramstaller, Christian Rechberger, Marcin Kontak and Janusz Szmidt, Cryptanalysis of the GOST hash function, Crypto 2008, LNCS 5157, Springer, 2008, 162–178.

  25. Michał Misztal, Differential cryptanalysis of PP-1 cipher, Workshop on Cryptography and Security Systems (CSS 2011, September 26–28, 2011, Naleczow, Poland); Journal Annales UMCS ser. Informatica.

  26. OpenSSL Library, A Russian reference implementation of GOST implementing Russian algorithms as an extension of TLS v1.0, OpenSSL 0.9.8, gost89.c, http://www.openssl.org/source/.

  27. Axel Poschmann, San Ling and Huaxiong Wang, 256 bit standardized crypto for 650 GE GOST revisited, CHES 2010, LNCS 6225, 2010, 219–233.

  28. J. Pieprzyk and L. Tombak, Soviet encryption algorithm, Preprint 94-10, Department of Computer Science, The University of Wollongong, 1994.

  29. Vincent Rijmen, Cryptanalysis and design of iterated block ciphers, PhD Thesis, K. U. Leuven, October 1997.

  30. Vladimir Rudskoy, On zero practical significance of “Key recovery attack on full GOST block cipher with zero time and memory”, Cryptology ePrint Archive, Report 111, 2010, http://eprint.iacr.org.

  31. Markku-Juhani Saarinen, A chosen key attack against the secret S-boxes of GOST, manuscript, 1998.

  32. Haruki Seki and Toshinobu Kaneko, Differential cryptanalysis of reduced rounds of GOST, SAC 2000, Selected Areas in Cryptography (eds. Douglas R. Stinson and Stafford E. Tavares), LNCS 2012, Springer, 2000, 315–323.

  33. Bruce Schneier, Applied Cryptography, Second Edition, Section 14.1 GOST, John Wiley and Sons, 1996.

  34. Bruce Schneier, The GOST encryption algorithm, Dr. Dobb’s Journal, 20 (1995), 2.

  35. Vitaly V. Shorin, Vadim V. Jelezniakov and Ernst M. Gabidulin, Linear and differential cryptanalysis of Russian GOST, Elsevier Preprint, 2001.

  36. V. V. Shorin, V. V. Jelezniakov, E. M. Gabidulin, Security of algorithm GOST 28147-89 (in Russian), Abstracts of XLIII MIPT Science Conference (December 8–9, 2000).

  37. I. A. Zabotin, G. P. Glazkov and V. B. Isaeva, Cryptographic Protection for Information Processing Systems (in Russian), Government Standard of the USSR, GOST 28147-89, Government Committee of the USSR for Standards, 1989; translated to English by Aleksandr Malchik (English preface co-written with Whitfield Diffie), http://www.autochthonous.org/crypto/gosthash.tar.gz.

Author information

Corresponding author

Correspondence to Michał Misztal.

Additional information

This work was supported by the Polish Ministry of Science and Higher Education under research project Nr O R00 0111 12 and by the European Commission under the FP7 project number 242497 Resilient Infrastructure and Building Security (RIBS).

About this article

Cite this article

Courtois, N.T., Misztal, M. Aggregated differentials and cryptanalysis of PP-1 and GOST. Period Math Hung 65, 177–192 (2012). https://doi.org/10.1007/s10998-012-2983-8

  • DOI: https://doi.org/10.1007/s10998-012-2983-8
