Institutional Research Information Service
UCL Logo
Please report any queries concerning the funding data grouped in the sections named "Externally Awarded" or "Internally Disbursed" (shown on the profile page) to your Research Finance Administrator. Your can find your Research Finance Administrator at http://www.ucl.ac.uk/finance/research/post_award/post_award_contacts.php by entering your department
Please report any queries concerning the student data shown on the profile page to:

Email: portico-services@ucl.ac.uk

Help Desk: http://www.ucl.ac.uk/ras/portico/helpdesk
Publication Detail
  • Publication Type:
    Journal article
  • Authors:
    Courtois NT
  • Publisher:
    Walter de Gruyter GmbH
  • Publication date:
  • Pagination:
    45, 63
  • Journal:
    Tatra Mountains Mathematical Publications
  • Volume:
  • Issue:
  • Status:
  • Print ISSN:
ABSTRACT GOST 28147-89 is a well-known 256-bit block cipher. In 2010 GOST was submitted to ISO, to become an international standard. Then many academic attacks which allow to break full GOST faster than brute force have been found. The fastest known single-key attack on GOST for 264 of data is 2179 of [Courtois, N.: An improved differential attack on full GOST, Cryptology ePrint Archive, Report 2012/138, http://eprint.iacr.org/2012/138] and for 232 of data it is 2191 of [Courtois, N.: Algebraic complexity reduction and cryptanalysis of GOST, Preprint, 2010-13, http://eprint.iacr.org/2011/626]. Other results are slower but require significantly less memory [Courtois, N.: Algebraic complexity reduction and cryptanalysis of GOST, Preprint, 2010-2013, http://eprint.iacr.org/2011/626], [Dinur, I.-Dunkelman, O.-Shamir, A.: Improved attacks on full GOST, in: Fast Software Encryption-FSE ’12, 19th Internat. Workshop, Washington, USA, 2012, Lecture Notes in Comput. Sci., Vol. 7549, Springer, Berlin, 2012, pp. 9-28, http://eprint.iacr.org/2011/558/]. The common stereotype is that these will be “the best” attacks on GOST. However, ciphers are not used in practice with single keys, on the contrary. In this paper we intend to show that there exist attacks on GOST which are more versatile and even somewhat more “practical” than the best single key attack. We argument that multiple random key attacks not single key attacks, are more practical and more likely to be executed in the real life. They recover keys when other attacks recover none. One can break some (weaker) GOST keys in a population of 256-bit keys generated at random with a TOTAL computational effort as low as 2120, this including the cost to examine also the cases in which the attack does not work. All our attacks are based on special non-trivial properties of data inside the cipher which however are such that keys for which the property does not hold can be rejected efficiently.
Publication data is maintained in RPS. Visit https://rps.ucl.ac.uk
 More search options
UCL Researchers
Dept of Computer Science
University College London - Gower Street - London - WC1E 6BT Tel:+44 (0)20 7679 2000

© UCL 1999–2011

Search by