Cryptology ePrint Archive: Report 2022/118

Streebog compression function as PRF in secret-key settings

Vitaly Kiryukhin

Abstract: Security of the many keyed hash-based cryptographic constructions (such as HMAC) depends on the fact that the underlying compression function $g(H,M)$ is a pseudorandom function (PRF). This paper presents key-recovery algorithms for 7 rounds (of 12) of Streebog compression function. Two cases were considered, as a secret key can be used: the previous state $H$ or the message block $M$. The proposed methods implicitly show that Streebog compression function has a large security margin as PRF in the above-mentioned secret-key settings.

Category / Keywords: secret-key cryptography / Streebog, PRF, truncated differentials, rebound, polytopic cryptanalysis

Original Publication (with minor differences): CTCrypt 2021 - 10th Workshop on Current Trends in Cryptology, June 1–4, 2021 Moscow region