Institutional Research Information Service
UCL Logo
Please report any queries concerning the funding data grouped in the sections named "Externally Awarded" or "Internally Disbursed" (shown on the profile page) to your Research Finance Administrator. Your can find your Research Finance Administrator at http://www.ucl.ac.uk/finance/research/post_award/post_award_contacts.php by entering your department
Please report any queries concerning the student data shown on the profile page to:

Email: portico-services@ucl.ac.uk

Help Desk: http://www.ucl.ac.uk/ras/portico/helpdesk
Publication Detail
Enhanced Truncated Differential Cryptanalysis of GOST
  • Publication Type:
  • Authors:
    Courtois N, Mourouzis T
  • Publisher:
  • Status:
  • Name of conference:
    SECRYPT 2013, 10th International Con- ference on Security and Cryptography
  • Conference place:
    Reykjavik, Iceland
  • Conference start date:
  • Conference finish date:
  • Keywords:
    Block ciphers, GOST S-boxes, ISO 18033-3, differential cryptanalysis, sets of differentials, distinguisher, Gauss error function, aggregated differentials, truncated differentials
GOST is a well-known block cipher implemented in standard libraries such as OpenSSL, it has extremely low implementation cost and nothing seemed to threaten its high 256-bit security [CHES 2010]. In 2010 it was submitted to ISO to become a worldwide industrial standard. Then many new attacks on GOST have been found in particular some advanced differential attacks by Courtois andMisztal which are based on distinguish- ers for 20 Rounds. Best attack of this type has complexity 2179 [Courtois 2012]. In July 2012 Rudskoy et al claimed that these attacks fail when the S-boxes submitted to ISO 18033-3 are used. However, the authors failed to consider that these attacks need to be re-optimized again for this set of S-boxes. This is difficult because we have exponentially many sets of differentials. In this paper we present a basic heuristic methodology and a framework for constructing families of distinguishers and we introduce differential sets of a special new form dictated by the specific regular structure of GOST. We look at different major variants of GOST and we have been able to construct a distinguisher for 20 round for CryptoParamSetA and even for the ISO proposal version which is expected to be the strongest. Therefore there is absolutely no doubt that these versions of GOST are also broken by the same sort of attacks.
Publication data is maintained in RPS. Visit https://rps.ucl.ac.uk
 More search options
UCL Researchers
Dept of Computer Science
University College London - Gower Street - London - WC1E 6BT Tel:+44 (0)20 7679 2000

© UCL 1999–2011

Search by