Paper 2022/118

Streebog compression function as PRF in secret-key settings

Vitaly Kiryukhin

Abstract

Security of the many keyed hash-based cryptographic constructions (such as HMAC) depends on the fact that the underlying compression function $g(H,M)$ is a pseudorandom function (PRF). This paper presents key-recovery algorithms for 7 rounds (of 12) of Streebog compression function. Two cases were considered, as a secret key can be used: the previous state $H$ or the message block $M$. The proposed methods implicitly show that Streebog compression function has a large security margin as PRF in the above-mentioned secret-key settings.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. CTCrypt 2021 - 10th Workshop on Current Trends in Cryptology, June 1–4, 2021 Moscow region
Keywords
StreebogPRFtruncated differentialsreboundpolytopic cryptanalysis
Contact author(s)
Vitaly Kiryukhin @ infotecs ru
History
2022-02-09: received
Short URL
https://ia.cr/2022/118
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2022/118,
      author = {Vitaly Kiryukhin},
      title = {Streebog compression function as PRF in secret-key settings},
      howpublished = {Cryptology ePrint Archive, Paper 2022/118},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/118}},
      url = {https://eprint.iacr.org/2022/118}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.