ABSTRACT
This paper investigates the resistance of the GOST algorithm to algebraic cryptanalysis. GOST is a state standard of the Russian Federation. Its characteristic features are the use of variable S-blocks and simple mathematical operations. It is considered that any initial values of the S-blocks provide enough strength to resist any attacks. The general idea of algebraic analysis is to represent the encryption algorithm as a system of multivariate quadratic equations that define relations between the secret key and the ciphertext. The extended linearization method is evaluated as a method for solving this nonlinear system of equations.
The most challenging problem of the analysis is caused by addition modulo 2^n in GOST. To make the analysis simpler, we have considered a simplified scheme for GOST in which addition modulo 2^n is replaced by addition modulo 2 (denoted GOST+). We have proposed an analysis algorithm for GOST according to experimental data.
The research has shown that 32-round GOST is described by a system of 5376 quadratic equations, which characterize the dependencies between the inputs and outputs of the S-blocks. The total number of variables is 2048, and the system contains 9472 monomials. Generating the system for single-round GOST takes circa 14 hours (on an AMD Athlon X2 Dual Core 3800+ processor with 1Gb RAM).
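As an added illustration (not code from the paper), the sketch below derives the quadratic input/output equations of one 4-bit S-box by finding GF(2) linear dependencies among the 37 monomials of degree at most 2 evaluated on all 16 input/output pairs. The S-box is a stand-in (the PRESENT cipher's table, since GOST S-blocks are variable), and `system_size` assumes every one of the 8 × 32 S-box applications gets its own copy of the variables and equations; under that assumption the totals coincide with the abstract's 5376, 2048 and 9472.

```python
from itertools import combinations

# Stand-in 4-bit S-box (the PRESENT cipher's table), NOT a GOST S-box.
SBOX = [0xC, 5, 6, 0xB, 9, 0, 0xA, 0xD, 3, 0xE, 0xF, 8, 4, 7, 1, 2]
NAMES = ["x0", "x1", "x2", "x3", "y0", "y1", "y2", "y3"]
# Monomials of degree <= 2 in the 8 bit-variables: 1 + 8 + 28 = 37.
MONS = [()] + [(i,) for i in range(8)] + list(combinations(range(8), 2))

def point(sbox, x):
    """Bit values (x0..x3, y0..y3) for input x and output y = S(x)."""
    return [(x >> i) & 1 for i in range(4)] + [(sbox[x] >> i) & 1 for i in range(4)]

def column(sbox, mon):
    """16-bit mask: bit x is the value of monomial `mon` at (x, S(x))."""
    return sum(1 << x for x in range(16) if all(point(sbox, x)[k] for k in mon))

def quadratic_equations(sbox):
    """Masks over MONS whose selected monomials XOR to 0 for every x (a basis)."""
    basis, eqs = {}, []            # basis: leading bit -> (vector, combination)
    for j, mon in enumerate(MONS):
        vec, combo = column(sbox, mon), 1 << j
        while vec:
            lead = vec.bit_length() - 1
            if lead not in basis:  # new independent column
                basis[lead] = (vec, combo)
                break
            vec, combo = vec ^ basis[lead][0], combo ^ basis[lead][1]
        else:                      # reduced to zero: combo is an equation
            eqs.append(combo)
    return eqs

def holds(sbox, eq):
    """Check one equation against all 16 input/output pairs."""
    return all(sum(all(point(sbox, x)[k] for k in m)
                   for j, m in enumerate(MONS) if eq >> j & 1) % 2 == 0
               for x in range(16))

def show(eq):
    terms = ["*".join(NAMES[k] for k in m) or "1" for j, m in enumerate(MONS) if eq >> j & 1]
    return " + ".join(terms) + " = 0"

def system_size(sbox, sboxes_per_round=8, rounds=32):
    """(equations, variables, monomials) with one copy per S-box application."""
    n = sboxes_per_round * rounds
    return len(quadratic_equations(sbox)) * n, 8 * n, len(MONS) * n

if __name__ == "__main__":
    print(show(quadratic_equations(SBOX)[0]))
    print(system_size(SBOX))
```

Because there are only 16 evaluation points and 37 monomials, any 4-bit S-box yields at least 37 − 16 = 21 such equations, whatever table is chosen.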