386 research outputs found

    On multiple symmetric fixed points in GOST

    Get PDF
    In this article the author revisits the oldest attack on GOST known, the Kara Reflection attack, and another totally unrelated truncated differential attack by Courtois and Misztal. It is hard to imagine that there could be any relationship between two so remote attacks which have nothing in common. However, there is one: Very surprisingly, both properties can be combined and lead the fastest attack on GOST ever found, which is nearly feasible to execute in practice

    Regular subgroups with large intersection

    Full text link
    In this paper we study the relationships between the elementary abelian regular subgroups and the Sylow 22-subgroups of their normalisers in the symmetric group Sym(F2n)\mathrm{Sym}(\mathbb{F}_2^n), in view of the interest that they have recently raised for their applications in symmetric cryptography

    An Improved Differential Attack on Full GOST

    Get PDF
    GOST 28147-89 is a well-known block cipher. Its large key size of 256 bits and incredibly low implementation cost make it a plausible alternative for AES-256 and triple DES. Until 2010 \despite considerable cryptanalytic efforts spent in the past 20 years", GOST was not broken see [30]. Accordingly, in 2010 GOST was submitted to ISO 18033 to become a worldwide industrial encryption standard. In paper we focus on the question of how far one can go in a dedicated Depth-First-Search approach with several stages of progressive guessing and filtering with successive distinguishers. We want to design and optimized guess-then-truncated differential attack on full 32-bit GOST and make as as efficient as we can. The main result of this paper is a single key attack against full 32-round 256-bit GOST with time complexity of 2^179 which is substantially faster than any other known single key attack on GOS

    Set It and Forget It! Turnkey ECC for Instant Integration

    Get PDF
    Historically, Elliptic Curve Cryptography (ECC) is an active field of applied cryptography where recent focus is on high speed, constant time, and formally verified implementations. While there are a handful of outliers where all these concepts join and land in real-world deployments, these are generally on a case-by-case basis: e.g.\ a library may feature such X25519 or P-256 code, but not for all curves. In this work, we propose and implement a methodology that fully automates the implementation, testing, and integration of ECC stacks with the above properties. We demonstrate the flexibility and applicability of our methodology by seamlessly integrating into three real-world projects: OpenSSL, Mozilla's NSS, and the GOST OpenSSL Engine, achieving roughly 9.5x, 4.5x, 13.3x, and 3.7x speedup on any given curve for key generation, key agreement, signing, and verifying, respectively. Furthermore, we showcase the efficacy of our testing methodology by uncovering flaws and vulnerabilities in OpenSSL, and a specification-level vulnerability in a Russian standard. Our work bridges the gap between significant applied cryptography research results and deployed software, fully automating the process

    Algebraic Complexity Reduction and Cryptanalysis of GOST

    Get PDF
    GOST 28147-89 is a well-known Russian government encryption standard. Its large key size of 256 bits at a particularly low implementation cost make that it is widely implemented and used, in OpenSSL and elsewhere. In 2010 GOST was submitted to ISO to become an international standard. GOST was analysed by Schneier, Biham, Biryukov, Dunkelman, Wagner, various Australian, Japanese, and Russian scientists, and all researchers seemed to agree that it looks quite secure. Though the internal structure of GOST seems quite weak compared to DES, and in particular the diffusion is not quite as good, it is always stipulated that this should be compensated by a large number of 32 rounds and by the additional non-linearity and diffusion provided by modular additions. At Crypto 2008 the hash function based on this cipher was broken. Yet as far as traditional encryption applications with keys generated at random are concerned, until 2011 no cryptographically significant attack on GOST was found. In this paper we present several new attacks on full 32-rounds GOST. Our methodology is derived from the idea of conditional algebraic attacks on block ciphers which can be defined as attacks in which the problem of key recovery is written as a problem of solving a large system of algebraic equations, and where the attacker makes some clever assumptions on the cipher which lead to an important simplification in the algebraic description of the problem, which makes it solvable in practice if the assumptions hold. Our methods work by black box reduction and allow to literally break the cipher apart into smaller pieces and reduce breaking GOST to a low data complexity software/algebraic/MITM attack on 8 or less rounds. Overall we obtain some 60 distinct attacks faster than brute force on the full 32-round GOST and we provide five nearly practical attacks on two major 128-bit variants of GOST (cf. Table 6). Our single key attacks are summarized in Table 3 p.53 and Table 7 p.153 and attacks with multiple keys in Table 4 page 128

    Decryption oracle slide attacks on T-310

    Get PDF
    T-310 is an important Cold War cipher (Schmeh 2006). It was the principal encryption algorithm used to protect various state communication lines in Eastern Germany throughout the 1980s. The cipher seems to be quite robust, and until now no researcher has proposed an attack on T-310. This article studies decryption oracle and slide attacks on T-310

    Security Evaluation of Russian GOST Cipher

    Get PDF
    Survey of All Known Attacks on Russian Government Encryption Standard. In this talk we will survey some 30 recent attacks on the Russian GOST block cipher. Background: GOST cipher is the official encryption standard of the Russian federation, and also has special versions for the most important Russian banks. Until 2012 there was no attack on GOST when it is used in encryption with random keys. I have developed more than 30 different academic attacks on GOST the fastest has complexity of 2^118 to recover some but not all 256-bit keys generated at random, which will be presented for the first time at CCC conference. It happens only once per decade that a government standard is broken while it is still an official government standard (happened for DES and AES, no other cases known). All these are broken only in academic sense, for GOST most recent attacks are sliding into maybe arguably practical in 30 years from now instead of 200 years... Our earlier results were instrumental at ISO for rejecting GOST as an international encryption standard last year. Not more than 5+ block cihers have ever achieved this level of ISO standardisation in 25 years and it NEVER happended in history of ISO that a cipher got broken during the standardization process. Two main papers with 70+30 pages respectively which are http://eprint.iacr.org/2011/626 and http://eprint.iacr.org/2012/138. Two other papers have been already published in Cryptologia journal which specializes in serious military and government crypto. The talk will cover three main families of attacks on GOST: high-level transformations, low- level inversion/MITM/guess-then-software/algebraic attacks and advanced truncated differential cryptanalysis of GOST. Plan for the talk: First I cover the history of GOST with major Cold War history events as the necessary background. Then I describe in details three main families of attacks: 1) self-smilarity attacks which generalize slide fixed point and reflection attacks, and provide a large variety of ways in which the security of the full GOST cipher with 32 rounds can be reduced to the security of GOST with 8 rounds in a black box reduction and thus the task of the cryptanalys is split into two well-defined tasks. 2) detailed software/algebraic and MITM attacks on 8 rounds and how weak diffusion in GOST helps. 3) advanced truncated differential attacks on GOS

    Linear cryptanalysis and block cipher design in East Germany in the 1970s

    Get PDF
    Linear cryptanalysis (LC) is an important codebreaking method that became popular in the 1990s and has roots in the earlier research of Shamir in the 1980s. In this article we show evidence that linear cryptanalysis is even older. According to documents from the former East Germany cipher authority ZCO, the systematic study of linear characteristics for nonlinear Boolean functions was routinely performed in the 1970s. At the same time East German cryptologists produced an excessively complex set of requirements known as KT1, which requirements were in particular satisfied by known historical used in the 1980s. An interesting line of inquiry, then, is to see if KT1 keys offer some level of protection against linear cryptanalysis. In this article we demonstrate that, strangely, this is not really the case. This is demonstrated by constructing specific counterexamples of pathologically weak keys that satisfy all the requirements of KT1. However, because we use T-310 in a stream cipher mode that uses only a tiny part of the internal state for actual encryption, it remains unclear whether this type of weak key could lead to key recovery attacks on T-310

    ПРИНЦИПИ ПОБУДОВИ І ОСНОВНІ ВЛАСТИВОСТІ НОВОГО НАЦІОНАЛЬНОГО СТАНДАРТУ БЛОКОВОГО ШИФРУВАННЯ УКРАЇНИ

    Get PDF
    On the 1st of July, 2015 Ukraine adopts new cryptographicstandard of symmetric block transformation DSTU7624:2014 which defines “Kalyna” cipher and its confidentialityand integrity modes of operation. The nationalstandard is developed as collaboration result of State Serviceof Special Communication of Ukraine and leadingUkrainian scientists based on the public cryptographicalgorithms competition. In comparison to well-knownstandard AES, DSTU 7624:2014 provides higher level ofcryptographic strength (with possibility of application ofblock and key length up to 512 bits) and comparable orhigher performance on modern software or softwarehardwareplatforms, essentially exceeding rates of DSTUGOST 28147:2009 (GOST 28147-89) which have beenused over 25 years. It is considered modern problems ofblock cipher development and their solutions implementedby the developers in the new national standard of Ukraine.С 1-го июля 2015 г. в Украине вводится в действие криптографический стандарт блочного симметрич-ного преобразования ДСТУ 7624:2014, определяющий шифр «Калина» и режимы его работы для обеспечения конфиденциальности и целостности. Наци-ональный стандарт разработан как результат сотруд-ничества Государственной службой специальнойсвязи и защиты информации Украины и ведущихукраинских ученых на основе проведения открытогоконкурса криптографических алгоритмов. В сравнении с известным международным стандартом AES,алгоритм ДСТУ 7624:2014 обеспечивает более высокий уровень криптографической стойкости (с возмо-жностью применения блока и ключа шифрования до512 битов включительно) и сравнимое или болеевысокое быстродействие на современных и перспективных программных и программно-аппаратных платформах, существенно превышая показатели ДСТУГОСТ 28147:2009 (ГОСТ 28147-89), используемыйуже более 25 лет. В статье рассмотрены современныепроблемы разработки блочных шифров и их реше-ния, внедренные разработчиками в новом национальном стандарте Украины.З 1-го липня 2015 р. в Україні вводиться в дію криптографічний стандарт блокового симетричного перетворенняДСТУ 7624:2014 [3], що визначає шифр “Калина” та режими його роботи для забезпечення конфіденційності і цілісності. Національний стандарт розроблений у співпраці Державної служби спеціального зв’язку та захисту інфор-мації України і провідних українських науковців на основі проведення відкритого конкурсу криптографічних алгоритмів. Порівняно із відомим міжнародним стандартом AES, алгоритм ДСТУ 7624:2014 забезпечує вищий рівенькриптографічної стійкості (із можливістю застосування блока та ключа шифрування включно до 512 бітів) і порі-вняну або вищу швидкодію на сучасних і перспективних програмних і програмно-апаратних платформах, суттєво перевершуючи показники ДСТУ ГОСТ 28147:2009 (ГОСТ 28147-89), який застосовується вже більше 25 років. У статтірозглянуті сучасні проблеми розробки блокових шифрів та їхні вирішення, впроваджені розробниками у новому національномустандарті України
    corecore