On multiple symmetric fixed points in GOST

In this article the author revisits the oldest attack on GOST known, the Kara Reflection attack, and another totally unrelated truncated differential attack by Courtois and Misztal. It is hard to imagine that there could be any relationship between two so remote attacks which have nothing in common. However, there is one: Very surprisingly, both properties can be combined and lead the fastest attack on GOST ever found, which is nearly feasible to execute in practice

Advanced truncated differential cryptanalysis of GOST block cipher

n this paper, we use the ideas presented by Courtois and Mourouzis to study the security of two variants of GOST, which are considered as the simpler and most secure variants [9]; the one with the S-boxes replaced by the Identity Map and the ISO version which is assumed to be the strongest one. The advanced differential attacks we present are of the form of Depth-First Key search, which uses a 20 round distinguisher in the middle (or equivalently 26-round distinguisher for the simpler version of GOST with Identity Map) [11]. The main idea is that we consider a partition of the 32 rounds by placing in the middle the constructed distinguisher. Then, based on the weak diffusion we can extend these very strong statistical distinguishers to efficiently good filters for some external rounds. Then, by guessing some key bits for external rounds and determining some plaintext and ciphertext pairs of specified input-output differences we can extend the construction to an attack against the full block cipher. Thus, the technique we apply is a generic cryptanalytic framework of First-Search key search type which involves several optimization tasks obtained from the specific structure of the given encryption algorithm

A proposed hybrid cryptography algorithm based on GOST and salsa (20)

Security concepts are frequently used interchangeably. These concepts are interrelated and share similar objectives for the protection of privacy, credibility, and access to information; however, there are some slight differences between them. Such variations lie mostly in the subject matter approach, the approaches used, and the focus fields. With the intention of protecting data in contradiction of unauthorized or unintentional disclosure, cryptography is used during transit (electronic or physical) and when data is stored. In the course of the past few years, some block ciphers and stream ciphers have been proposed. These block ciphers take encryption method that uses Substitution-Permutation and Feistel network structure while stream ciphers choose a onetime method. GOST encryption is based on the confidentiality of the secret key. However, it leads to the same ciphertext being generated when the encryption program is used with the same key for the plain text. Reproduction of messages can thus easily be identified by an opponent that is a weak link in any communication. In this paper, proposed a hybrid encryption method based on GOST block cipher and Salsa stream cipher to provide proper security with as high hardness randomly enhances the five standard tests and modifies key schedule as secure operations. The downside of the GOST algorithm is a simple key schedule so that in certain circumstances be the weak point of the method of cryptanalysis as related-key cryptanalysis. However, this resolved by the proposed method by passing the keys of GOST to Salsa stream to have the right combination and more robustness security. Its need for 2256 probable keys to breaking keys that, because of its uncomfortable procedure in this situation, is to be not used brute force attack. Correspondingly, five standard tests successfully surpassed the randomness of a proposed method

Towards a combined Rotational-Differential Cryptanalytic Framework

In this report, we suggest a new cryptanalytic framework of constructing distinguishers which can be eventually extended to full attacks in the related-key scenario. We name this new paradigm as ”Relational Cryptanalysis”. The main idea is to exhibit the non-randomness of a given encryption algorithm by observing the propagation of specific sets of plaintexts of the form (P,P′) such that these pairs satisfy some rotational and differential properties of the form R1(P) = P′ and P ⊕ P′ ∈ ∆P, for some rotational symmetry R1 and fixed set of differences ∆P . Except of rotational and differential properties, we can add any other relation which seems to hold for a reduced number of rounds of the cryptographic primitive we study. Intuitively, we expect that by adding more relations we increase the observed probability of the propagation and this result to stronger statistical distinguishers

An Improved Differential Attack on Full GOST

GOST 28147-89 is a well-known block cipher. Its large key size of 256 bits and incredibly low implementation cost make it a plausible alternative for AES-256 and triple DES. Until 2010 \despite considerable cryptanalytic efforts spent in the past 20 years", GOST was not broken see [30]. Accordingly, in 2010 GOST was submitted to ISO 18033 to become a worldwide industrial encryption standard. In paper we focus on the question of how far one can go in a dedicated Depth-First-Search approach with several stages of progressive guessing and filtering with successive distinguishers. We want to design and optimized guess-then-truncated differential attack on full 32-bit GOST and make as as efficient as we can. The main result of this paper is a single key attack against full 32-round 256-bit GOST with time complexity of 2^179 which is substantially faster than any other known single key attack on GOS

Differential cryptanalysis of new Qamal encryption algorithm

Currently, the Republic of Kazakhstan is developing a new standard for symmetric data encryption. One of the candidates for the role of the standard is the Qamal encryption algorithm developed by the Institute of Information and Computer Technologies (Almaty, Republic of Kazakhstan). The article describes the algorithm. Differential properties of the main operations that make up the Qamal cypher are considered in the questions of stability. We have shown that for a version with a 128-bit data block and the same secret key size for three rounds of encryption it is difficult to find the right pairs of texts with a probability of 2–120, which makes differential cryptanalysis not applicable to the Qamal cyphe

Differential cryptanalysis of new Qamal encryption algorithm

Currently, the Republic of Kazakhstan is developing a new standard for symmetric data encryption. One of the candidates for the role of the standard is the Qamal encryption algorithm developed by the Institute of Information and Computer Technologies (Almaty, Republic of Kazakhstan). The article describes the algorithm. Differential properties of the main operations that make up the Qamal cypher are considered in the questions of stability. We have shown that for a version with a 128-bit data block and the same secret key size for three rounds of encryption it is difficult to find the right pairs of texts with a probability of 2–120, which makes differential cryptanalysis not applicable to the Qamal cyphe

Differential cryptanalysis of PP-1 cipher

In this paper we present a differential attack on the block cipher PP-1 which was designed at Poznan University of Technology. Complexity of the attack is smaller than that of brute force attack for every version of the cipher (for every block length). The attack is possible is spite of the fact that the S-box exhibits optimal security against the differential cryptanalysis. The attack is based on the fact that the design of the cipher S-box and permutation were constructed independently. The permutation operates on individual bits, and in the XOR profile table of S-box 1 bit to 1 bit transitions are possible. It allows constructing a simple one-round differential characteristic which is almost iterative with the probability 1.5 · 2-6. By 9 times concatenation of the characteristic and its relaxation in the last round we obtained a 10-round characteristic with the probability 2-48.7. Using this characteristic with 1R attack makes differential cryptanalysis of full 11-round cipher with complexity smaller than exhaustive search possible. By carefully exploiting similar characteristics it is possible to find analogous attacks on different versions of cipher PP-1, with higher a larger of rounds