Cryptology ePrint Archive: Report 2013/539

Rebound attacks on Stribog

Riham AlTawy and Aleksandar Kircanski and Amr M. Youssef

Abstract: In August 2012, the Stribog hash function was selected as the new Russian hash standard (GOST R 34.11-2012). Stribog is an AES-based primitive and is considered as an asymmetric reply to the new SHA-3. In this paper we investigate the collision resistance of the Stribog compression function and its internal cipher. Specifically, we present a message differential path for the internal block cipher that allows us to efficiently obtain a 5-round free-start collision and a 7.75 free-start near collision for the internal cipher with complexities $2^8$ and $2^{40}$, respectively. Finally, the compression function is analyzed and a 7.75 round semi free-start collision, 8.75 and 9.75 round semi free-start near collisions are presented along with an example for 4.75 round 49 out of 64 bytes near colliding message pair.

Category / Keywords: Cryptanalysis, Hash functions, Meet in the middle, Rebound attack, GOST R 34.11-2012, Stribog

Original Publication (in the same form): ICISC 2013

Date: received 27 Aug 2013, last revised 16 Jan 2014

Contact author: rihammahdy at hotmail com

Available format(s): PDF | BibTeX Citation

Version: 20140117:024002 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]