Published online: 18 Feb 2014
Pages: 1 - 19
DOI: https://doi.org/10.2478/tmmp-2013-0032
This content is open access.
Rotational cryptanalysis was introduced by Khovratovich and Nikolić as a tool to analyse ARX-type cipher designs. GOST 28147-89 is a former Soviet Union cipher standard based on a Feistel construction with 32 rounds. Each round function adds the round key modulo $2^{32}$, transforms the result with 4-to-4 bit S-boxes, and rotates the output. We apply rotational cryptanalysis to a version of GOST using eight identical S-boxes, such as GOST-PS. We show the existence of a (practical) rotational distinguisher in the related-key model for full GOST. Furthermore, there is a set of weak keys (rotationally symmetric keys) that enables rotational attacks in the single-key model as well. Finally, we show a simple attack on the last round that uses the rotational distinguisher to reduce the complexity of the full GOST to 208 bits.
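The round structure described above can be checked experimentally. The following Python sketch is an added example, not code from the paper: it measures how often a rotational pair survives one round function when all eight S-boxes are identical. Assumptions made here: the S-box is a sample 4-bit permutation chosen for illustration, the 11-bit output rotation is taken from the GOST 28147-89 standard rather than from this abstract, and the rotation amounts tested are multiples of 4 bits because those map nibbles onto nibbles (r = 1 is included as a contrast).

```python
import random

MASK = 0xFFFFFFFF
# Assumption: a sample 4-bit permutation, reused in all eight nibble positions.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def rotl(x, r):
    """Rotate a 32-bit word left by r bits."""
    r %= 32
    return ((x << r) | (x >> (32 - r))) & MASK

def sbox_layer(x):
    """Apply the same S-box to each of the eight nibbles."""
    return sum(SBOX[(x >> s) & 0xF] << s for s in range(0, 32, 4))

def round_f(x, k):
    """Round function: add key mod 2^32, substitute, rotate left by 11."""
    return rotl(sbox_layer((x + k) & MASK), 11)

def addition_commutes(x, k, r):
    """True if rotating by r before or after the modular addition agrees."""
    return rotl((x + k) & MASK, r) == ((rotl(x, r) + rotl(k, r)) & MASK)

def round_commutes(x, k, r):
    """True if rotated input and rotated key give the rotated round output."""
    return round_f(rotl(x, r), rotl(k, r)) == rotl(round_f(x, k), r)

def predicted(r, n=32):
    """Known probability that rotation by r commutes with addition mod 2^n."""
    return (1 + 2.0 ** (r - n) + 2.0 ** -r + 2.0 ** -n) / 4

def measure(r, trials=20000, seed=1):
    """Return (addition rate, round-function rate, count of disagreements)."""
    rng = random.Random(seed)
    add_ok = round_ok = mismatches = 0
    for _ in range(trials):
        x, k = rng.getrandbits(32), rng.getrandbits(32)
        a, f = addition_commutes(x, k, r), round_commutes(x, k, r)
        add_ok += a
        round_ok += f
        mismatches += a != f
    return add_ok / trials, round_ok / trials, mismatches

if __name__ == "__main__":
    for r in (4, 8, 16, 1):
        a, f, m = measure(r)
        print(f"r={r:2d} predicted={predicted(r):.4f} "
              f"addition={a:.4f} round={f:.4f} mismatches={m}")
```

For rotation amounts that are multiples of 4, the identical S-box layer and the fixed rotation both commute with the rotation, so the round function preserves the rotational pair exactly when the modular addition does; for r = 1 the S-box layer breaks the property.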