1 / 9

The related key attack on the full GOST 28147-89 block cipher with four or two related keys

The related key attack on the full GOST 28147-89 block cipher with four or two related keys . Marina Pudovkina National Nuclear Research University (Moscow Engineering-Physics Institute). The GOST 28147-89 block cipher .

julio
Télécharger la présentation

The related key attack on the full GOST 28147-89 block cipher with four or two related keys

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The related key attack on the full GOST 28147-89 block cipher with four or two related keys Marina Pudovkina National Nuclear Research University (Moscow Engineering-Physics Institute)

  2. The GOST 28147-89 block cipher • Gosudarstvennyi standard 28146-89. Cryptographic Protection for Data Processing Systems, 1989 • 64-bit blockcipher • 32-round Feistelcipher

  3. The GOST 28147-89 block cipher • The S-boxes are not specified in the standard, only that they are somehow supplied. All eight S-boxes are different; these are considered additional key material. • The 256-bit secret key Kis divided to eight 32-bit blocks: K1, K2,…, K8. • The key schedule produces round keys k1, k2,…,k32as follows:

  4. Related key attacks on GOST • [FGHL09] Fleischmann E., GorskiM,, HuehneJ.-H., Lucks S., Key recovery attack on full GOST block cipher with zero time and memory. Western European Workshop on Research in Cryptology 2009 • The attack uses a related-key boomerang distinguisher technique • The attack not allow to recover the secret key of the GOST block cipher with complexity less than the complexity of the exhaustive search

  5. Related key attacks on GOST • [Rud10] RudskoyV., On zero practical significance of “Key recovery attack on full GOST block cipher with zero time and memory”, http://eprint.iacr.org/2010/ • The main idea from [FGHL09] • Related-key boomerang distinguisher technique • 18 related keys to recover the 256-bit secret key • Work for random S-boxes [Rud10] (?) We get • The attack works if = (1,0,0,0) is not a liner translator of S1, i.e. for all {0,1}4 we have where αU{0,1}4

  6. Our attack with 4 related keys • Step I. Finding the round key k32 (= k1) of the last round • The related-key boomerang distinguisher from [Rud10] • 4 related keys K, K, K, K • Step II. Finding round keys k31, k30,…, k27 1. The related-key truncated differential distinguisher based on the distinguisher used in [KHLLK04] Ko Y., Hong S., Lee W., Lee S., Kang J.-S., Related key differential attacks on 27 rounds of xtea and full-round gost. FSE, v. 3017, Springer, 2004 2. Two related keys K, K

  7. Our attack with 4 related keys • Step III. Finding round keys k25, k26 • Combination related-key truncated differential and boomerang distinguishers • Two related keys K, K • There are S-boxes for which the attack does not work • The complexity depends on S-boxes • To break GOST with S-boxes described in “Applied Cryptography” by B. Schneier we need 4 related keys, the probability of success is 0.92

  8. Our attack with 2 related keys • Step I. Finding round keys k32, k31,…, k27. The related-key truncated differential distinguisher based on the distinguisher used in [KHLLK04] • Step II. Finding round keys k25,k26. Combination related-key truncated differential and boomerang distinguishers • There are S-boxes for which the attack does not work • The complexity depends on S-boxes • We cannot break GOST using two related keys with S-boxes described in “Applied Cryptography” by B. Schneier

  9. Thank you for your attention!

More Related