Watch your constants: malicious Streebog

نویسندگان

  • Riham AlTawy
  • Amr M. Youssef
چکیده

In August 2012, the Streebog hash function was selected as the new Russian cryptographic hash standard (GOST R 34.11-2012). In this paper, we investigate the new standard in the context of malicious hashing and present a practical collision for a malicious version of the full hash function. In particular, we apply the rebound attack to find three solutions for three different differential paths for four rounds, and using the freedom of the round constants we connect them to obtain a collision for the twelve rounds of the compression function. Additionally, and due to the simple processing of the counter, we bypass the barrier of the checksum finalization step and transfer the compression function collision to the hash function output with no additional cost. The presented attack has a practical complexity and is verified by an example. While the results of this paper may not have a direct impact on the security of the current Streebog hash function, it presents an urge for the designers to publish the origin of the used parameters and the rational behind their choices in order for this function to gain enough confidence and wide spread adoption by the security community.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Impossible Differential Properties of Reduced Round Streebog

In this paper, we investigate the impossible differential properties of the underlying block cipher and compression function of the new cryptographic hashing standard of the Russian federation Streebog. Our differential trail is constructed in such a way that allows us to recover the key of the underlying block cipher by observing input and output pairs of the compression function which utilize...

متن کامل

The Usage of Counter Revisited: Second-Preimage Attack on New Russian Standardized Hash Function

Streebog is a new Russian hash function standard. It follows the HAIFA framework as domain extension algorithm and claims to resist recent generic second-preimage attacks with long messages. However, we demonstrate in this article that the specific instantiation of the HAIFA framework used in Streebog makes it weak against such attacks. More precisely, we observe that Streebog makes a rather po...

متن کامل

STRIBOB: Authenticated Encryption from GOST R 34.11-2012 LPS Permutation

Authenticated encryption algorithms protect both the confidentiality and integrity of messages in a single processing pass. In this note we show how to utilize the L◦P ◦S transform of the Russian GOST R 34.11-2012 standard hash “Streebog” to build an efficient, lightweight algorithm for Authenticated Encryption with Associated Data (AEAD) via the Sponge construction and BLNK padding. The propos...

متن کامل

Application Materials: Dentistry

The samples below are donated by UCSF students, residents and alumni to offer you ideas to format and present your skills and experience. Note: Please do not copy the text verbatim. It is unethical and unwise, as several employers and residency directors recognize our samples. Instead, for extra help, attend on one our monthly Application Materials Clinics or watch our Application Materials Onl...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:
  • IET Information Security

دوره 9  شماره 

صفحات  -

تاریخ انتشار 2014