Rotational cryptanalysis of GOST with identical S-boxes

Rok, strany: 2013, 1 - 19

Rotational cryptanalysis was introduced by Khovratovich and Nikolić as a tool to analyse ARX-type cipher designs. GOST 28147-89 is a former Soviet Union cipher standard based on a Feistel construction with 32 rounds. Each round function adds the round key modulo $2³²$, transforms the result with 4-to-4 bit S-boxes, and rotates the output. We apply the rotational cryptanalysis to a version of GOST using eight identical S-boxes, such as GOST-PS. We show the existence of (practical) rotational distinguisher in related key model for full GOST. Furthermore, there is a set of weak keys (rotationally symmetric keys) that enables rotational attacks in single-key model as well. Finally, we show a simple attack on the last round that uses the rotational distinguisher to reduce the complexity of the full GOST to $208$ bits.

ISO 690:

Zajac, P., Ondroš, M. 2013. Rotational cryptanalysis of GOST with identical S-boxes. In Tatra Mountains Mathematical Publications, vol. 57, no.4, pp. 1-19. 1210-3195.

APA:

Zajac, P., Ondroš, M. (2013). Rotational cryptanalysis of GOST with identical S-boxes. Tatra Mountains Mathematical Publications, 57(4), 1-19. 1210-3195.