Improved Single-Key Attacks on 2-GOST

Abstract EN

GOST, known as GOST-28147-89, was standardized as the Russian encryption standard in 1989.

It is a lightweight-friendly cipher and suitable for the resource-constrained environments.

However, due to the simplicity of GOST’s key schedule, it encountered reflection attack and fixed point attack.

In order to resist such attacks, the designers of GOST proposed a modification of GOST, namely, 2-GOST.

This new version changes the order of subkeys in the key schedule and uses concrete S-boxes in round function.

But regarding single-key attacks on full-round 2-GOST, Ashur et al.

proposed a reflection attack with data of 232 on a weak-key class of size 2224, as well as the fixed point attack and impossible reflection attack with data of 264 for all possible keys.

Note that the attacks applicable for all possible keys need the entire plaintext space.

In other words, these are codebook attacks.

In this paper, we propose single-key attacks on 2-GOST with only about 232 data instead of codebook.

Firstly, we apply 2-dimensional meet-in-the-middle attack combined with splice-cut technique on full-round 2-GOST.

This attack is applicable for all possible keys, and its data complexity reduces from previous 264 to 232.

Besides that, we apply splice-cut meet-in-the-middle attack on 31-round 2-GOST with only data of 232.

In this attack, we only need 8 bytes of memory, which is negligible.