### Related-key attacks on the compression function of Streebog

##### Abstract

Related-key attacks against block ciphers are often considered unrealistic. In practice, as far as possible, the existence of a known "relation" between the secret encryption keys is avoided. Despite this, related keys arise directly in some widely used keyed hash functions. This is especially true for HMAC-Streebog, where known constants and manipulated parameters are added to the secret key. The relation is determined by addition modulo $2$ and $2^{n}$. The security of HMAC reduces to the properties of the underlying compression function. Therefore, as an initial analysis we propose key-recovery methods for 10 and 11 rounds (out of 12) of Streebog compression function in the related-key setting. The result shows that Streebog successfully resists attacks even in the model with such powerful adversaries.

Available format(s)
Category
Secret-key cryptography
Publication info
Published elsewhere. CTCrypt 2022 - 11th Workshop on Current Trends in Cryptology, June 6–9, 2022, Novosibirsk, Russia
Keywords
Streebog related-key truncated differentials rebound
Contact author(s)
vitaly kiryukhin @ sfblaboratory ru
History
2022-07-28: approved
See all versions
Short URL
https://ia.cr/2022/970

CC BY

BibTeX

@misc{cryptoeprint:2022/970,
author = {Vitaly Kiryukhin},
title = {Related-key attacks on the compression function of Streebog},
howpublished = {Cryptology ePrint Archive, Paper 2022/970},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/970}},
url = {https://eprint.iacr.org/2022/970}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.