Cryptology ePrint Archive: Report 2022/118
Streebog compression function as PRF in secret-key settings
Vitaly Kiryukhin
Abstract: Security of the many keyed hash-based cryptographic constructions (such as HMAC) depends on the fact that the underlying compression function $g(H,M)$ is a pseudorandom function (PRF). This paper presents key-recovery algorithms for 7 rounds (of 12) of Streebog compression function. Two cases were considered, as a secret key can be used: the previous state $H$ or the message block $M$. The proposed methods implicitly show that Streebog compression function has a large security margin as PRF in the above-mentioned secret-key settings.
Category / Keywords: secret-key cryptography / Streebog, PRF, truncated differentials, rebound, polytopic cryptanalysis
Original Publication (with minor differences): CTCrypt 2021 - 10th Workshop on Current Trends in Cryptology, June 1–4, 2021 Moscow region
Date: received 31 Jan 2022
Contact author: Vitaly Kiryukhin at infotecs ru
Available format(s): PDF | BibTeX Citation
Version: 20220209:084838 (All versions of this report)
Short URL: ia.cr/2022/118
[ Cryptology ePrint archive ]