### Streebog compression function as PRF in secret-key settings

Vitaly Kiryukhin

##### Abstract

Security of the many keyed hash-based cryptographic constructions (such as HMAC) depends on the fact that the underlying compression function $g(H,M)$ is a pseudorandom function (PRF). This paper presents key-recovery algorithms for 7 rounds (of 12) of Streebog compression function. Two cases were considered, as a secret key can be used: the previous state $H$ or the message block $M$. The proposed methods implicitly show that Streebog compression function has a large security margin as PRF in the above-mentioned secret-key settings.

Available format(s)
Category
Secret-key cryptography
Publication info
Published elsewhere. MINOR revision.CTCrypt 2021 - 10th Workshop on Current Trends in Cryptology, June 1–4, 2021 Moscow region
Keywords
StreebogPRFtruncated differentialsreboundpolytopic cryptanalysis
Contact author(s)
Vitaly Kiryukhin @ infotecs ru
History
Short URL
https://ia.cr/2022/118

CC BY

BibTeX

@misc{cryptoeprint:2022/118,
author = {Vitaly Kiryukhin},
title = {Streebog compression function as PRF in secret-key settings},
howpublished = {Cryptology ePrint Archive, Paper 2022/118},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/118}},
url = {https://eprint.iacr.org/2022/118}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.