GOST is a Feistel network of 32 rounds. Its round function is very simple: add a 32-bit subkey modulo 2^32, put the result through a layer of S-boxes, and rotate that result left by 11 bits. The result is the output of the round function. In the diagram to the left, one line represents 32 bits. The subkeys are chosen in a pre-specified order. The key schedule is very simple: break the 256-bit key into eight 32-bit subkeys, each of which is used four times in the algorithm; the first 24 rounds use the key words in order, and the last 8 rounds use them in reverse order.
The S-boxes accept a four-bit input and produce a four-bit output. The S-boxes are implementation-dependent: parties that want to secure their communications using GOST must be using the same S-boxes. For extra security, the S-boxes can be kept secret. In the original standard where GOST was specified, no S-boxes were given, but they were to be supplied somehow. This led to speculation that organizations the government wished to spy on were given weak S-boxes. One GOST chip manufacturer reported that he generated S-boxes himself using a pseudorandom number generator (Schneier). However, the designers of GOST attempted to offset the simplicity of the round function by specifying the algorithm with 32 rounds and secret S-boxes.
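The round function and key schedule described above, as an added example that is not code from the original page or from any GOST implementation. The function names are hypothetical, the little-endian word layout is an assumption, and the S-boxes are constructed from a seeded PRNG purely for illustration (they are not vetted and are not any standardized set).

```python
import random
import struct

MASK32 = 0xFFFFFFFF

def make_sboxes(seed):
    """Constructed S-boxes: eight seeded random 4-bit permutations (not vetted)."""
    rng = random.Random(seed)
    boxes = []
    for _ in range(8):
        perm = list(range(16))
        rng.shuffle(perm)
        boxes.append(perm)
    return boxes

def subkey_order(decrypt=False):
    """Subkey index per round: K0..K7 three times, then K7..K0 once."""
    order = list(range(8)) * 3 + list(range(7, -1, -1))
    return order[::-1] if decrypt else order

def round_function(half, subkey, sboxes):
    """Add subkey mod 2^32, substitute eight nibbles, rotate left by 11 bits."""
    x = (half + subkey) & MASK32
    y = 0
    for i in range(8):
        y |= sboxes[i][(x >> (4 * i)) & 0xF] << (4 * i)
    return ((y << 11) | (y >> 21)) & MASK32

def crypt_block(block, key, sboxes, decrypt=False):
    """Process one 64-bit block (8 bytes) under a 256-bit key (32 bytes)."""
    if len(block) != 8 or len(key) != 32:
        raise ValueError("need an 8-byte block and a 32-byte key")
    subkeys = struct.unpack("<8I", key)      # eight 32-bit subkeys
    n1, n2 = struct.unpack("<2I", block)     # two 32-bit halves
    for k in subkey_order(decrypt):
        n1, n2 = n2 ^ round_function(n1, subkeys[k], sboxes), n1
    return struct.pack("<2I", n2, n1)        # undo the swap of the final round

if __name__ == "__main__":
    key = bytes(range(32))                   # constructed sample key
    ours, theirs = make_sboxes(1), make_sboxes(2)
    ct = crypt_block(b"GOSTdemo", key, ours)
    print("ciphertext:       ", ct.hex())
    print("same S-boxes:     ", crypt_block(ct, key, ours, decrypt=True))
    # A peer holding the right key but different S-boxes cannot decrypt.
    print("different S-boxes:", crypt_block(ct, key, theirs, decrypt=True).hex())
```

Decryption is the same routine with the subkey order reversed, which is why both parties need identical S-boxes as well as the same key.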
This is because of GOST's lack of an expansion permutation in the round function, as well as its use of a rotation instead of a permutation. Again, this is offset by GOST's increased number of rounds. There is not much published cryptanalysis of GOST, but a cursory glance says that it seems secure (Schneier). The large number of rounds and secret S-boxes makes both linear and differential cryptanalysis difficult.
Its avalanche effect may be slower to occur, but it can propagate over 32 rounds very effectively.
There are two ways a cipher can be broken: theoretically and practically. If the paper is correct then: Section Now theoretically a cipher is broken if there is an attack that is significantly faster than brute force.
So if this claim is correct then the theoretical security of GOST is much lower than it is supposed to be. Hence it could be called broken. Of course, nobody is going to invest that amount of memory or processing power to even prove this point.
SHA-1 has a much lower effective security margin and it took a very long time before a collision could be found. Given the structure of the paper I would say that it's likely that the claims are correct. That doesn't mean that anybody can now attack GOST. It does show that too many kinds of attack are possible. These kinds of attacks will only get stronger. This is a clear indication that it would be wise to upgrade. The block size of 64 bits is also a good reason to upgrade; 64 bits is considered on the low side for many applications of block ciphers.
The NSA can insert backdoor requirements into the endeavors of third parties, then promote this as a "secure" cypher. And still is. This is particularly important as this is the cypher used for cryptocurrencies and most "encrypted" info on webpages and messaging. Furthermore the NSA does have a history of inserting backdoors. And it has a greater advantage: It was never intended for public use, so it wouldn't be backdoored.
Is the GOST block cipher broken?
Asked 6 years, 8 months ago. Modified 3 years, 4 months ago.
I mean I suspect that after Snowden leaks that any recommended cipher or public key algorithm by them they know how to crack it. NIST is responsible for such standardisation.
The GOST block cipher (Magma), defined in the standard GOST (RFC ), is a Soviet and Russian government standard symmetric key block cipher with. The GOST block cipher, defined in the standard GOST , is a Soviet and Russian government standard symmetric key block cipher with a block size of 64 bits. The GOST hash function, defined in the standards GOST R and GOST is a bit cryptographic hash function. It was initially defined in.