GOST (block cipher)

GOST (block cipher)

Infobox block cipher
name = GOST 28147-89


caption = Diagram of GOST
designers = USSR
publish date = 1994 (declassified)
derived from =
derived to =
key size = 256 bits
block size = 64 bits
structure = Feistel network
rounds = 32
cryptanalysis =

The GOST block cipher, defined in the standard GOST 28147-89, is a Soviet and Russian government standard symmetric key block cipher. Also based on this block cipher is the GOST hash function.

Developed in the 1970s, the standard had been marked "Top Secret" and then downgraded to "Secret" in 1990. Shortly after the dissolution of the USSR, it has been declassified and released to the public in 1994. GOST 28147 was a Soviet alternative to the United States standard algorithm, DES. Thus, the two are very similar in structure.

The algorithm

GOST has a 64-bit block size and a key length of 256 bits. Its S-boxes can be secret, and they contain about 512 bits of secret information, so the effective key size can be increased to 768 bits; however, a chosen-key attack can recover the contents of the S-Boxes in approximately 232 encryptions (Saarinen, 1998).

GOST is a Feistel network of 32 rounds. Its round function is very simple: add a 32-bit subkey modulo 232, put the result through a layer of S-boxes, and rotate that result left by 11 bits. The result of that is the output of the round function. In the diagram to the left, one line represents 32 bits.

The subkeys are chosen in a pre-specified order. The key schedule is very simple: break the 256-bit key into eight 32-bit subkeys, and each subkey is used four times in the algorithm; the first 24 rounds use the key words in order, the last 8 rounds use them in reverse order.

The S-boxes accept a four-bit input and produce a four-bit output. The S-box substitution in the round function consists of eight 4 × 4 S-boxes. The S-boxes are implementation-dependent - parties that want to secure their communications using GOST must be using the same S-boxes. For extra security, the S-boxes can be kept secret. In the original standard where GOST was specified, no S-boxes were given, but they were to be supplied somehow. This led to speculation that organizations the government wished to spy on were given weak S-boxes. One GOST chip manufacturer reported that he generated S-boxes himself using a pseudorandom number generator (Schneier, 1996).

For example, the Central Bank of Russian Federation uses the following S-boxes:

Cryptanalysis of GOST

Compared to DES, GOST has a very simple round function. However, the designers of GOST attempted to offset the simplicity of the round function by specifying the algorithm with 32 rounds and secret S-boxes.

Another concern is that the avalanche effect is slower to occur in GOST than in DES. This is because of GOST's lack of an expansion permutation in the round function, as well as its use of a rotation instead of a permutation. Again, this is offset by GOST's increased number of rounds.

There is not much published cryptanalysis of GOST, but a cursory glance says that it seems secure (Schneier, 1996). The large number of rounds and secret S-boxes makes both linear and differential cryptanalysis difficult. Its avalanche effect may be slower to occur, but it can propagate over 32 rounds very effectively.

See also

*U.S. Data Encryption Standard (DES)
*GOST standards

References

* Saarinen, Markku-Juhani (1998). " [http://citeseer.ist.psu.edu/rd/96002585%2C277448%2C1%2C0.25%2CDownload/http://citeseer.ist.psu.edu/compress/0/papers/cs/13215/http:zSzzSzwww.jyu.fizSz~mjoszSzgost_cka.ps.gz/saarinen98chosen.ps A chosen key attack against the secret S-boxes of GOST] ".
* Schneier, Bruce. "Applied Cryptography", 2nd edition, 1996. ISBN 0-471-11709-9.
* Alex Biryukov, David Wagner, [http://now.cs.berkeley.edu/~daw/papers/advslide-ec00.ps Advanced Slide Attacks] , EUROCRYPT 2000, LNCS, pp 589-606, 2000.

External links

* [http://vipul.net/gost/ GOST — The Soviet Encryption Algorithm]
* [http://textop.us/Encryption/GOST Online GOST encrypt and decrypt tool]
* [http://textop.us/Hashing/Gost Online GOST hashing tool]
* [http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#GOST SCAN's entry for GOST]


Wikimedia Foundation. 2010.

Игры ⚽ Нужно сделать НИР?

Look at other dictionaries:

  • Block cipher modes of operation — This article is about cryptography. For method of operating , see modus operandi. In cryptography, modes of operation is the procedure of enabling the repeated and secure use of a block cipher under a single key.[1][2] A block cipher by itself… …   Wikipedia

  • Block cipher — In cryptography, a block cipher is a symmetric key cipher operating on fixed length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take (for example) a 128 bit block of plaintext as… …   Wikipedia

  • GOST (hash function) — The GOST hash function, defined in the standards GOST R 34.11 94 and GOST 34.311 95, is a 256 bit cryptographic hash function. It was initially defined in the Russia s national standard GOST R 34.11 94 Information Technology Cryptographic… …   Wikipedia

  • GOST — refers to a set of technical standards maintained by the Euro Asian Council for Standardization, Metrology and Certification (EASC), a regional standards organization operating under the auspices of the Commonwealth of Independent States (CIS).… …   Wikipedia

  • Cipher security summary — This article summarizes publicly known attacks against ciphers. Note that not all entries may be up to date. Table color key No known successful attacks Theoretical break Attack demonstrated in practice The Best attack column lists the complexity …   Wikipedia

  • Cipher Block Chaining — Mode d opération (cryptographie) En cryptographie, un mode d opération est la manière de traiter les blocs de texte clairs et chiffrés au sein d un algorithme de chiffrement par bloc. Chacun des modes possède ses propres atouts. Plusieurs modes… …   Wikipédia en Français

  • Cryptomeria cipher — The Feistel function of the Cryptomeria cipher. General Designers 4C Entity First published …   Wikipedia

  • Mercy (cipher) — This article is about the block cipher. For other uses, see Mercy (disambiguation). Mercy General Designers Paul Crowley First published April 2000[1] Derived from WAKE …   Wikipedia

  • Crab (cipher) — This article is about the block cipher. For other uses, see Crab (disambiguation). Crab General Designers Burt Kaliski, Matt Robshaw First published 1993 Derived from MD5 Related to SHACAL …   Wikipedia

  • Nimbus (cipher) — This article is about the block cipher. For other uses, see Nimbus (disambiguation). Nimbus General Designers Alexis Machado First published 2000 Cipher detail Key sizes 128 bits Block sizes …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”