Related-key attacks on the compression function of Streebog
Matematičeskie voprosy kriptografii, Volume 14 (2023) no. 2, pp. 59-76. This article was harvested from the Math-Net.Ru source.


Related-key attacks against block ciphers are often considered unrealistic. In practice, the existence of a known «relation» between secret encryption keys is avoided as far as possible. Despite this, related keys arise directly in some widely used keyed hash functions. This is especially true for HMAC-Streebog, where known constants and selected parameters are added to the secret key. The relation is determined by addition modulo $2$ and $2^{n}$. The security of HMAC reduces to the properties of the underlying compression function. Therefore, as an initial analysis, we propose key-recovery methods for 10 and 11 rounds (out of 12) of the Streebog compression function in the related-key setting. The result shows that Streebog successfully resists attacks even in the model with such powerful adversaries.
@article{MVK_2023_14_2_a3,
     author = {V. A. Kiryukhin},
     title = {Related-key attacks on the compression function of {Streebog}},
     journal = {Matemati\v{c}eskie voprosy kriptografii},
     pages = {59--76},
     year = {2023},
     volume = {14},
     number = {2},
     language = {en},
     url = {http://geodesic.mathdoc.fr/item/MVK_2023_14_2_a3/}
}
V. A. Kiryukhin. Related-key attacks on the compression function of Streebog. Matematičeskie voprosy kriptografii, Volume 14 (2023) no. 2, pp. 59-76. http://geodesic.mathdoc.fr/item/MVK_2023_14_2_a3/
