Gost 28147 89

Information about Gost 28147 89

General
GOST 28147-89
Diagram of GOST
USSR
1990
Cipher detail
Key size(s):\| 256 bits
Block size(s):\| 64 bits
Feistel network
32

GOST 28147-89 is a Soviet and Russian government standard symmetric key block cipher.

Developed in the 1970s, the standard had been marked "Top Secret" and then downgraded to "Secret" in 1990. Shortly after the dissolution of the USSR, it has been declassified and released to the public. GOST 28147 was a Soviet alternative to the United States standard algorithm, DES. Thus, the two are very similar in structure.

In cryptography, this standard is commonly referred to as just GOST (Russian: ГОСТ).

The algorithm

GOST has a 64-bit block size and a key length of 256 bits. Its S-boxes can be secret, and they contain about 512 bits of secret information, so the effective key size can be increased to 768 bits; however, a chosen-key attack can recover the contents of the S-Boxes in approximately 2³² encryptions (Saarinen, 1998).

GOST is a Feistel network of 32 rounds. Its round function is very simple: add a 32-bit subkey modulo 2³², put the result through a layer of S-boxes, and rotate that result left by 11 bits. The result of that is the output of the round function. In the diagram to the left, one line represents 32 bits.

The subkeys are chosen in a pre-specified order. The key schedule is very simple: break the 256-bit key into eight 32-bit subkeys, and each subkey is used four times in the algorithm; the first 24 rounds use the key words in order, the last 8 rounds use them in reverse order.

The S-boxes accept a four-bit input and produce a four-bit output. The S-box substitution in the round function consists of eight 4 × 4 S-boxes. The S-boxes are implementation-dependent - parties that want to secure their communications using GOST must be using the same S-boxes. For extra security, the S-boxes can be kept secret. In the original standard where GOST was specified, no S-boxes were given, but they were to be supplied somehow. This led to speculation that organizations the government wished to spy on were given weak S-boxes. One GOST chip manufacturer reported that he generated S-boxes himself using a pseudorandom number generator (Schneier, 1996).

Cryptanalysis of GOST

Compared to DES, GOST has a very simple round function. However, the designers of GOST attempted to offset the simplicity of the round function by specifying the algorithm with 32 rounds and secret S-boxes.

Another concern is that the avalanche effect is slower to occur in GOST than in DES. This is because of GOST's lack of an expansion permutation in the round function, as well as its use of a rotation instead of a permutation. Again, this is offset by GOST's increased number of rounds.

There is not much published cryptanalysis of GOST, but a cursory glance says that it seems secure (Schneier, 1996). The large number of rounds and secret S-boxes makes both linear and differential cryptanalysis difficult. Its avalanche effect may be slower to occur, but it can propagate over 32 rounds very effectively.

References

Saarinen, Markku-Juhani (1998). A chosen key attack against the secret S-boxes of GOST.
Schneier, Bruce. Applied Cryptography, 2nd edition, 1996. ISBN 0-471-11709-9.
Alex Biryukov, David Wagner, Advanced Slide Attacks, EUROCRYPT 2000, LNCS, pp 589-606, 2000.

External links

Block ciphers • • [ e]
Algorithms: 3-Way \| AES \| Akelarre \| Anubis \| ARIA \| BaseKing \| Blowfish \| C2 \| Camellia \| CAST-128 \| CAST-256 \| CIKS-1 \| CIPHERUNICORN-A \| CIPHERUNICORN-E \| CMEA \| Cobra \| COCONUT98 \| Crab \| CRYPTON \| CS-Cipher \| DEAL \| DES \| DES-X \| DFC \| E2 \| FEAL \| FROG \| G-DES \| GOST \| Grand Cru \| Hasty Pudding Cipher \| Hierocrypt \| ICE \| IDEA \| IDEA NXT \| Iraqi \| Intel Cascade Cipher \| KASUMI \| KHAZAD \| Khufu and Khafre \| KN-Cipher \| Libelle \| LOKI89/91 \| LOKI97 \| Lucifer \| M6 \| MacGuffin \| Madryga \| MAGENTA \| MARS \| Mercy \| MESH \| MISTY1 \| MMB \| MWA \| MULTI2 \| NewDES \| NOEKEON \| NUSH \| Q \| RC2 \| RC5 \| RC6 \| REDOC \| Red Pike \| S-1 \| SAFER \| SC2000 \| SEED \| Serpent \| SHACAL \| SHARK \| Skipjack \| SMS4 \| Square \| TEA \| Triple DES \| Twofish \| UES \| Xenon \| xmx \| XTEA \| XXTEA \| Zodiac
Design: Feistel network \| Key schedule \| Product cipher \| S-box \| SPN Attacks: Brute force \| Linear / Differential / Integral cryptanalysis \| Mod n \| Related-key \| Slide \| XSL
Standardization: AES process \| CRYPTREC \| NESSIE Misc: Avalanche effect \| Block size \| IV \| Key size \| Modes of operation \| Piling-up lemma \| Weak key
Cryptography • • [ e]
History of cryptography \| Cryptanalysis \| \| Topics in cryptography
Symmetric-key algorithm \| Block cipher \| Stream cipher \| Public-key cryptography \| Cryptographic hash function \| Message authentication code \| Random numbers

Union of Soviet Socialist Republics (abbreviated USSR, Russian: (help info ) ; tr.
..... Click the link for more information.

In cryptography, the key size (alternatively key length) is the size of the digits used to create an encrypted text; it is therefore also a measure of the number of possible keys which can be used in a cipher, and the number of keys which must be tested to 'break' the
..... Click the link for more information.

block size. Both the input (plaintext) and output (ciphertext) are the same length; the output cannot be shorter than the input — this is logically required by the Pigeonhole principle and the fact that the cipher must be invertible — and it is simply undesirable for
..... Click the link for more information.

In cryptography, a Feistel cipher is a block cipher with a symmetric structure, named after IBM cryptographer Horst Feistel; it is also commonly known as a Feistel network. A large proportion of block ciphers use the scheme, including the Data Encryption Standard (DES).
..... Click the link for more information.

Symmetric-key algorithms are a class of algorithms for cryptography that use trivially related, often identical, cryptographic keys for both decryption and encryption.
..... Click the link for more information.

block cipher is a symmetric key cipher which operates on fixed-length groups of bits, termed blocks, with an unvarying transformation. When encrypting, a block cipher might take a (for example) 128-bit block of plaintext as input, and output a corresponding 128-bit block
..... Click the link for more information.

20th century - 21st century
1960s 1970s 1980s - 1990s - 2000s 2010s 2020s
1987 1988 1989 - 1990 - 1991 1992 1993

Year 1990 (MCMXC) was a common year starting on Monday (link displays the 1990 Gregorian calendar).
..... Click the link for more information.

Union of Soviet Socialist Republics (abbreviated USSR, Russian: (help info ) ; tr.
..... Click the link for more information.

Motto
"In God We Trust" (since 1956)
"E Pluribus Unum" ("From Many, One"; Latin, traditional)
Anthem
..... Click the link for more information.

Data Encryption Standard

The Feistel function (F function) of DES

General
IBM
1975 (standardized on January 1977)

Lucifer
Triple DES, G-DES, DES-X, LOKI89, ICE

Cipher detail
Key size(s):| 56 bits

Block size(s):| 64 bits
..... Click the link for more information.

Cryptography (or cryptology; derived from Greek κρυπτός kryptÃ³s "hidden," and the verb γράφω grÃ¡fo "write" or λεγειν legein
..... Click the link for more information.

GOST refers to a set of technical standards maintained by the Euro-Asian Council for Standardization, Metrology and Certification (EASC), a regional standards organization operating under the auspices of the Commonwealth of Independent States (CIS).
..... Click the link for more information.

Russian}}}
Writing system: Cyrillic (Russian variant)
Official status
Official language of: Abkhazia (Georgia)
Belarus
Commonwealth of Independent States (working)
Crimea (de facto; Ukraine)
..... Click the link for more information.

In cryptography, a substitution box (or S-box) is a basic component of symmetric key algorithms. In block ciphers, they are typically used to obscure the relationship between the plaintext and the ciphertext — Shannon's property of confusion.
..... Click the link for more information.

Modular arithmetic (sometimes called modulo arithmetic, or clock arithmetic) is a system of arithmetic for integers, where numbers "wrap around" after they reach a certain value — the modulus.
..... Click the link for more information.

A pseudorandom number generator (PRNG) is an algorithm to generate a sequence of numbers that approximate the properties of random numbers. The sequence is not truly random in that it is completely determined by a relatively small set of initial values, called the PRNG's
..... Click the link for more information.

avalanche effect refers to a desirable property of cryptographic algorithms, typically block ciphers and cryptographic hash functions. The avalanche effect is evident if, when an input is changed slightly (for example, flipping a single bit) the output changes significantly (eg,
..... Click the link for more information.

In cryptography, linear cryptanalysis is a general form of cryptanalysis based on finding affine approximations to the action of a cipher. Attacks have been developed for block ciphers and stream ciphers.
..... Click the link for more information.

Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in an input can affect the resultant difference at the output.
..... Click the link for more information.

Data Encryption Standard

The Feistel function (F function) of DES

19th century - 20th century - 21st century
1960s 1970s 1980s - 1990s - 2000s 2010s 2020s
1993 1994 1995 - 1996 - 1997 1998 1999

Year 1996 (MCMXCVI
..... Click the link for more information.

3-Way

General
Joan Daemen
1994

NOEKEON
BaseKing

Cipher detail
Key size(s):| 96 bits

Block size(s):| 96 bits
Substitution-permutation network
11
Best public cryptanalysis|-| colspan=2 | related-key attack

In cryptography,
..... Click the link for more information.

AES

The SubBytes step, one of four stages in a round of AES

General
Vincent Rijmen, Joan Daemen
1998

Square
Anubis, Grand Cru

AES winner, CRYPTREC, NESSIE
Cipher detail
Key size(s):| 128, 192 or 256 bits^[1]
..... Click the link for more information.

Akelarre

General
G. Ãlvarez, D. de la GuÃa, F. Montoya, A. Peinado
1996

IDEA, RC5

Cipher detail
Key size(s):| 128 bits

Block size(s):| 128 bits
Substitution-permutation network
4
..... Click the link for more information.

This article is copied from an article on Wikipedia.org - the free encyclopedia created and edited by online user community. The text was not checked or edited by anyone on our staff. Although the vast majority of the wikipedia encyclopedia articles provide accurate and timely information please do not assume the accuracy of any particular article. This article is distributed under the terms of GNU Free Documentation License.

Herod_Archelaus

iPedia Free Information Center