Cryptanalysis of DES with a reduced number of rounds
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Differential Cryptanalysis of Reduced Rounds of GOST
SAC '00 Proceedings of the 7th Annual International Workshop on Selected Areas in Cryptography
Key-Schedule Cryptoanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
A (Second) Preimage Attack on the GOST Hash Function
Fast Software Encryption
Cryptanalysis of the GOST Hash Function
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Reflection Cryptanalysis of Some Ciphers
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
A single-key attack on the full GOST block cipher
FSE'11 Proceedings of the 18th international conference on Fast software encryption
FSE'07 Proceedings of the 14th international conference on Fast Software Encryption
A compress slide attack on the full GOST block cipher
Information Processing Letters
Influence of S-Boxes to the resistance of GOST algorithm against linear cryptanalysis
Proceedings of the 6th International Conference on Security of Information and Networks
Hi-index | 0.00 |
GOST is a well known block cipher which was developed in the Soviet Union during the 1970's as an alternative to the US-developed DES. In spite of considerable cryptanalytic effort, until very recently there were no published single key attacks against its full 32-round version which were faster than the 2256 time complexity of exhaustive search. In February 2011, Isobe used the previously discovered reflection property in order to develop the first such attack, which requires 232 data, 264 memory and 2224 time. In this paper we introduce a new fixed point property and a better way to attack 8-round GOST in order to find improved attacks on full GOST: Given 232 data we can reduce the memory complexity from an impractical 264 to a practical 236 without changing the 2224 time complexity, and given 264 data we can simultaneously reduce the time complexity to 2192 and the memory complexity to 236.