Institutional Research Information Service
UCL Logo
Please report any queries concerning the funding data grouped in the sections named "Externally Awarded" or "Internally Disbursed" (shown on the profile page) to your Research Finance Administrator. Your can find your Research Finance Administrator at https://www.ucl.ac.uk/finance/research/rs-contacts.php by entering your department
Please report any queries concerning the student data shown on the profile page to:

Email: portico-services@ucl.ac.uk

Help Desk: http://www.ucl.ac.uk/ras/portico/helpdesk
Publication Detail
Cryptanalysis of Two GOST Variants With 128-bit Keys
  • Publication Type:
    Journal article
  • Publication Sub Type:
  • Authors:
    Courtois N
  • Publisher:
    Taylor&Francis Online
  • Publication date:
  • Pagination:
    348, 361
  • Journal:
  • Volume:
  • Issue:
  • Status:
  • Country:
  • Language:
  • Keywords:
    algebraic attacks, algebraic complexity reduction, black-box reductions, block ciphers, Feistel schemes, key scheduling, multiple-key attacks, reflection attacks, self-similarity, single-key attacks, sliding attacks
GOST is a well-known Russian encryption standard. Until 2010, no researcher found a single-key attack on GOST. In 2010, GOST was submitted to ISO 18033 to become a worldwide industrial encryption standard. Since 2011, many attacks on GOST faster than brute force have been found. By default, GOST has 256-bit keys. However, in many applications 128-bit keys are required. The authors should note that GOST is an exceptionally economical cipher in implementation: Even as a 128-bit cipher, GOST requires about four times less gates to implement than AES-128. There are two very natural 128-bit variants of GOST: Either the same 128-bit key is repeated, or it is repeated with inversion of the 32-bit words. Both variants are natural simplified variants fully compliant with the standard which have already been considered as potentially interesting targets for advanced slide attacks. In this article, the authors show that both these variants are insecure. All of their attacks are nearly practical.
Publication data is maintained in RPS. Visit https://rps.ucl.ac.uk
 More search options
UCL Researchers
Dept of Computer Science
University College London - Gower Street - London - WC1E 6BT Tel:+44 (0)20 7679 2000

© UCL 1999–2011

Search by