Streebog compression function as PRF in secret-key settings
Matematičeskie voprosy kriptografii, Tome 13 (2022) no. 2, pp. 99-116. This article was harvested from the source Math-Net.Ru


The security of many keyed hash-based cryptographic constructions (such as HMAC) depends on the underlying compression function $\mathsf{g}(H,M)$ being a pseudorandom function (PRF). This paper presents key-recovery algorithms for 7 rounds (of 12) of the Streebog compression function. Two cases are considered, according to which input serves as the secret key: the previous state $H$ or the message block $M$. The proposed methods implicitly show that the Streebog compression function has a large security margin as a PRF in these secret-key settings.
@article{MVK_2022_13_2_a6,
     author = {V. A. Kiryukhin},
     title = {Streebog compression function as {PRF} in secret-key settings},
     journal = {Matemati\v{c}eskie voprosy kriptografii},
     pages = {99--116},
     year = {2022},
     volume = {13},
     number = {2},
     language = {en},
     url = {http://geodesic.mathdoc.fr/item/MVK_2022_13_2_a6/}
}
V. A. Kiryukhin. Streebog compression function as PRF in secret-key settings. Matematičeskie voprosy kriptografii, Tome 13 (2022) no. 2, pp. 99-116. http://geodesic.mathdoc.fr/item/MVK_2022_13_2_a6/