Presentation is loading. Please wait.

Presentation is loading. Please wait.

The related key attack on the full GOST 28147-89 block cipher with four or two related keys Marina Pudovkina National Nuclear Research University (Moscow.

Published byColton Greer Modified over 9 years ago

Similar presentations

Presentation on theme: "The related key attack on the full GOST 28147-89 block cipher with four or two related keys Marina Pudovkina National Nuclear Research University (Moscow."— Presentation transcript:

1 The related key attack on the full GOST 28147-89 block cipher with four or two related keys Marina Pudovkina National Nuclear Research University (Moscow Engineering-Physics Institute)

2 The GOST 28147-89 block cipher ●Gosudarstvennyi standard 28146-89. Cryptographic Protection for Data Processing Systems, 1989 ●64-bit block cipher ● 32-round Feistel cipher

3 The GOST 28147-89 block cipher ● The S-boxes are not specified in the standard, only that they are somehow supplied. All eight S-boxes are different; these are considered additional key material. ● The 256-bit secret key K is divided to eight 32-bit blocks: K 1, K 2,…, K 8. ● The key schedule produces round keys k 1, k 2,…,k 32 as follows:

4 Related key attacks on GOST ● [FGHL09] Fleischmann E., Gorski M,, Huehne J.-H., Lucks S., Key recovery attack on full GOST block cipher with zero time and memory.  Western European Workshop on Research in Cryptology  2009 ● The attack uses a related-key boomerang distinguisher technique ● The attack not allow to recover the secret key of the GOST block cipher with complexity less than the complexity of the exhaustive search

5 Related key attacks on GOST ● [Rud10] Rudskoy V., On zero practical significance of “Key recovery attack on full GOST block cipher with zero time and memory”, http://eprint.iacr.org/2010/ ● The main idea from [FGHL09] ● Related-key boomerang distinguisher technique ● 18 related keys to recover the 256-bit secret key ● Work for random S-boxes [Rud10] (?) We get ● The attack works if  = (1,0,0,0) is not a liner translator of S 1, i.e. for all  {0,1} 4 we have where α  U {0,1} 4

6 Our attack with 4 related keys ● Step I. Finding the round key k 32 (= k 1 ) of the last round 1.The related-key boomerang distinguisher from [Rud10] 2. 4 related keys K, K, K , K  ● Step II. Finding round keys k 31, k 30,…, k 27 1. The related-key truncated differential distinguisher based on the distinguisher used in [KHLLK04] Ko Y., Hong S., Lee W., Lee S., Kang J.-S., Related key differential attacks on 27 rounds of xtea and full- round gost. FSE, v. 3017, Springer, 2004 2. Two related keys K, K

7 Our attack with 4 related keys ● Step III. Finding round keys k 25, k 26 1.Combination related-key truncated differential and boomerang distinguishers 2.Two related keys K, K ● There are S-boxes for which the attack does not work ● The complexity depends on S-boxes ● To break GOST with S-boxes described in “Applied Cryptography” by B. Schneier we need 4 related keys, the probability of success is 0.92

8 Our attack with 2 related keys ● Step I. Finding round keys k 32, k 31,…, k 27. The related- key truncated differential distinguisher based on the distinguisher used in [KHLLK04] ● Step II. Finding round keys k 25, k 26. Combination related-key truncated differential and boomerang distinguishers ● There are S-boxes for which the attack does not work ● The complexity depends on S-boxes ● We cannot break GOST using two related keys with S-boxes described in “Applied Cryptography” by B. Schneier

9 Thank you for your attention!

Download ppt "The related key attack on the full GOST 28147-89 block cipher with four or two related keys Marina Pudovkina National Nuclear Research University (Moscow."

Similar presentations

Keyed, symmetric block cipher Designed in 1993. Can be used as a drop-in replacement for DES.

Keyed, symmetric block cipher Designed in Can be used as a drop-in replacement for DES.
Xiutao Feng Institute of Software Chinese Academy of Sciences A Byte-Based Guess and Determine Attack on SOSEMANUK.

Xiutao Feng Institute of Software Chinese Academy of Sciences A Byte-Based Guess and Determine Attack on SOSEMANUK.
Conventional Encryption: Algorithms

Conventional Encryption: Algorithms
Differential Fault Analysis on AES Variants Kazuo Sakiyama, Yang Li The University of Electro-Communications Nagoya, Japan.

Differential Fault Analysis on AES Variants Kazuo Sakiyama, Yang Li The University of Electro-Communications Nagoya, Japan.
1 Introduction to Practical Cryptography Lectures 3/4 Stream Ciphers.

1 Introduction to Practical Cryptography Lectures 3/4 Stream Ciphers.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
About a new generation of block ciphers and hash functions - DN and HDN Vlastimil Klíma Independent consultant

About a new generation of block ciphers and hash functions - DN and HDN Vlastimil Klíma Independent consultant
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Cryptology  Terminology  plaintext - text that is not encrypted.  ciphertext - the output of the encryption process.  key - the information required.

Cryptology  Terminology  plaintext - text that is not encrypted.  ciphertext - the output of the encryption process.  key - the information required.
History Applications Attacks Advantages & Disadvantages Conclusion.

History Applications Attacks Advantages & Disadvantages Conclusion.
Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.

Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.
Cryptography1 CPSC 3730 Cryptography Chapter 3 DES.

Cryptography1 CPSC 3730 Cryptography Chapter 3 DES.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.

DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.
“The Security Guru” Bruce Schneier Mario Basque Comp-1631 Winter, 2011.

“The Security Guru” Bruce Schneier Mario Basque Comp-1631 Winter, 2011.
Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.

Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.
Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.
6. Practical Constructions of Symmetric-Key Primitives

6. Practical Constructions of Symmetric-Key Primitives
CS470, A.SelcukAfter the DES1 Block Ciphers After the DES CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukAfter the DES1 Block Ciphers After the DES CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
CS555Spring 2012/Topic 91 Cryptography CS 555 Topic 9: Block Cipher Construction & DES.

CS555Spring 2012/Topic 91 Cryptography CS 555 Topic 9: Block Cipher Construction & DES.

Similar presentations

Ads by Google