Paper 2013/539

Rebound attacks on Stribog

Riham AlTawy, Aleksandar Kircanski, and Amr M. Youssef

Abstract

In August 2012, the Stribog hash function was selected as the new Russian hash standard (GOST R 34.11-2012). Stribog is an AES-based primitive and is considered as an asymmetric reply to the new SHA-3. In this paper we investigate the collision resistance of the Stribog compression function and its internal cipher. Specifically, we present a message differential path for the internal block cipher that allows us to efficiently obtain a 5-round free-start collision and a 7.75 free-start near collision for the internal cipher with complexities $2^8$ and $2^{40}$, respectively. Finally, the compression function is analyzed and a 7.75 round semi free-start collision, 8.75 and 9.75 round semi free-start near collisions are presented along with an example for 4.75 round 49 out of 64 bytes near colliding message pair.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. ICISC 2013
Keywords
CryptanalysisHash functionsMeet in the middleRebound attackGOST R 34.11-2012Stribog
Contact author(s)
rihammahdy @ hotmail com
History
2014-01-17: revised
2013-08-30: received
See all versions
Short URL
https://ia.cr/2013/539
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2013/539,
      author = {Riham AlTawy and Aleksandar Kircanski and Amr M.  Youssef},
      title = {Rebound attacks on Stribog},
      howpublished = {Cryptology {ePrint} Archive, Paper 2013/539},
      year = {2013},
      url = {https://eprint.iacr.org/2013/539}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.