[cryptography] GOST attack

Danilo Gligoroski danilo.gligoroski at gmail.com
Wed Jun 15 02:22:26 EDT 2011

Danilo Gligoroski wrote:
>> Now, 64-bit blocks are much bigger than 4-bit blocks, (and the secret key
>> is still 256 bits i.e. much larger than the block size), but the
>> of the codebook attack are the same.

Marsh Ray wrote:
> Hmmm...there's more than proportional exponents going on here.
> The key space contains 2^K elements, K = 256 in our examples, while the 
> set of possible permutations is (2^N)! .

Hehe, sure - that is why I said "but the principles are the same", thinking 
about the same example that you are mentioning: 
(2^4)! ~ 2^44 << 2^256 and 
(2^64)! >>>>> 2^256 .

But, for all cryptographic operations knowing the complete "random"
i.e. the cipher codebook is equivalent as possessing one (or maybe THE one)
unknown key without knowing that key.

OK - I should correct myself and say, their work (if correct) IS 
INTERESTING, from the point of view that they are capable to "compress" a 
random permutation of 2^64 elements produced by GOST-256, into 256 bits 
(the unknown key) with a complexity of 2^228 operations. 

1. From complexity point of view - interesting result, 
2. From security point of view - a work with false and bogus claim written 
in a propaganda style with CAPITAL letters in the abstract: 
" ... we show that GOST is NOT SECURE ..." dedicated to ISO standardization 
committee - nothing else.


More information about the cryptography mailing list