Paper 2015/812

The Secret Structure of the S-Box of Streebog, Kuznechik and Stribob

Alex Biryukov, Léo Perrin, and Aleksei Udovenko

Abstract

The last hash function and block cipher standardized by the Russian standardization body (GOST) both use the same S-Box. It is also used by an independent CAESAR candidate. This transformation is only specified as a look up table and the reason behind its choice is unknown. We managed to reverse-engineer this S-Box and describe its unpublished structure. Our decomposition allows a much more efficient hardware implementation but the choice of the components used is puzzling from a cryptographic perspective. This extended abstract does not explain \emph{how} we found this decomposition. We will describe our process in an extended version of this paper.

Note: Made it clear that only STRIBOBr1 was using the S-Box we reverse-engineered, unlike STRIBOBr2.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
StreebogS-BoxKuznyechikReverse-Engineering
Contact author(s)
leo perrin @ uni lu
History
2015-08-31: revised
2015-08-14: received
See all versions
Short URL
https://ia.cr/2015/812
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/812,
      author = {Alex Biryukov and Léo Perrin and Aleksei Udovenko},
      title = {The Secret Structure of the S-Box of Streebog, Kuznechik and Stribob},
      howpublished = {Cryptology ePrint Archive, Paper 2015/812},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/812}},
      url = {https://eprint.iacr.org/2015/812}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.