Paper 2022/970

Related-key attacks on the compression function of Streebog

Vitaly Kiryukhin, LLC «SFB Lab», Moscow, Russia, JSC «InfoTeCS», Moscow, Russia
Abstract

Related-key attacks against block ciphers are often considered unrealistic. In practice, a known "relation" between secret encryption keys is avoided as far as possible. Despite this, related keys arise directly in some widely used keyed hash functions. This is especially true for HMAC-Streebog, where known constants and manipulated parameters are added to the secret key. The relation is determined by addition modulo $2$ and $2^{n}$. The security of HMAC reduces to the properties of the underlying compression function. Therefore, as an initial analysis, we propose key-recovery methods for 10 and 11 rounds (out of 12) of the Streebog compression function in the related-key setting. The result shows that Streebog successfully resists attacks even in the model with such powerful adversaries.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. CTCrypt 2022 - 11th Workshop on Current Trends in Cryptology, June 6–9, 2022, Novosibirsk, Russia
Keywords
Streebog related-key truncated differentials rebound
Contact author(s)
vitaly kiryukhin @ sfblaboratory ru
History
2022-07-28: approved
2022-07-28: received
Short URL
https://ia.cr/2022/970
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/970,
      author = {Vitaly Kiryukhin},
      title = {Related-key attacks on the compression function of Streebog},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/970},
      year = {2022},
      url = {https://eprint.iacr.org/2022/970}
}