[cryptography] GOST attack
alserkli at inbox.ru
Tue Jun 14 07:25:47 EDT 2011
In this paper we show that GOST is NOT SECURE even against
differential cryptanalysis (DC), or rather advanced attacks based on
sets of differentials. [...]
An Improved Differential Attack on GOST [...]
Overall this attack requires 2^64 KP [known pairs, I guess] and
allows to break full 32-round GOST in time of about 2^228 GOST
encryptions for a success probability of 50 %.
Since GOST has a 64-bit block size, it means that the attacker starts
with the full map of (plaintext, ciphertext) pairs. In a sane system
the key is either random or a result of KDF -- what can be the point
of such an attack?
More information about the cryptography