StriBob: authenticated encryption from GOST R 34.11-2012 LPS permutation
Matematičeskie voprosy kriptografii, Volume 6 (2015) no. 2, pp. 67-78. This article was harvested from the Math-Net.Ru source.

Authenticated encryption algorithms protect both the confidentiality and integrity of messages in a single processing pass. We show how to utilize the $L\circ P\circ S$ transform of the Russian GOST R 34.11-2012 standard hash “Streebog” to construct an efficient, lightweight algorithm for Authenticated Encryption with Associated Data (AEAD) via the Sponge scheme. The proposed algorithm “StriBob” has attractive security properties, is faster than the Streebog hash alone, twice as fast as the GOST 28147-89 encryption algorithm, and requires only a modest amount of running-time memory. StriBob is a Round 1 candidate in the CAESAR competition.
@article{MVK_2015_6_2_a7,
     author = {M.-J. O. Saarinen},
     title = {StriBob: authenticated encryption from {GOST~R~34.11-2012} {LPS} permutation},
     journal = {Matemati\v{c}eskie voprosy kriptografii},
     pages = {67--78},
     year = {2015},
     volume = {6},
     number = {2},
     language = {en},
     url = {http://geodesic.mathdoc.fr/item/MVK_2015_6_2_a7/}
}
M.-J. O. Saarinen. StriBob: authenticated encryption from GOST R 34.11-2012 LPS permutation. Matematičeskie voprosy kriptografii, Volume 6 (2015) no. 2, pp. 67-78. http://geodesic.mathdoc.fr/item/MVK_2015_6_2_a7/
