G. Sekar, N. Mouha, B. Preneel, “Meet-in-the-middle attacks on reduced-round GOST”, Mat. Vopr. Kriptogr., 2014, Volume 5, Issue 2,Pages <nobr>117

Meet-in-the-middle attacks on reduced-round GOST

G. Sekar^a, N. Mouha^bc, B. Preneel^bc

^a Indian Statistical Institute, Chennai Centre, SETS Campus, MGR Knowledge City, CIT Campus, Taramani, Chennai 600113, India
^b Department of Electrical Engineering ESAT/COSIC, KU Leuven, Kasteelpark Arenberg 10 box 2452, 3001 Heverlee, Belgium
^c iMinds, Belgium

Abstract: The block cipher GOST (GOST 28147-89) is a Russian standard for encryption and message authentication that is included in OpenSSL 1.0.0. In this paper, we present meet-in-the-middle attacks on several block ciphers, each consisting of 22 or fewer rounds of GOST. Our $22$-round attack on rounds 10–31 requires only 5 known plaintexts and a computational effort equivalent to testing about $2^{223}$ keys for a success probability of $1-2^{-65}$. This attack is the best (going by the number of rounds) low data complexity key-recovery attack on GOST.

Key words: cryptanalysis, block cipher, meet-in-the-middle attack, Feistel network, GOST.

UDC: 519.719.2

Received 25.IX.2013

Language: English

DOI: 10.4213/mvk124