Paper 2014/879
Watch your Constants: Malicious Streebog
Riham AlTawy and Amr M. Youssef
Abstract
In August 2012, the Streebog hash function was selected as the new Russian cryptographic hash standard (GOST R 34.11-2012). In this paper, we investigate the new standard in the context of malicious hashing and present a practical collision for a malicious version of the full hash function. In particular, we apply the rebound attack to find three solutions for three different differential paths for four rounds, and using the freedom of the round constants we connect them to obtain a collision for the twelve rounds of the compression function. Additionally, and due to the simple processing of the counter, we bypass the barrier of the checksum finalization step and transfer the compression function collision to the hash function output with no additional cost. The presented attack has a practical complexity and is verified by an example. While the results of this paper may not have a direct impact on the security of the current Streebog hash function, it presents an urge for the designers to publish the origin of the used parameters and the rational behind their choices in order for this function to gain enough confidence and wide spread adoption by the security community.
Metadata
- Available format(s)
-
PDF
- Publication info
- Preprint. MINOR revision.
- Keywords
- CryptanalysisHash functionsMalicious hashingRebound attacksGOST R 34.11-2012Streebog
- Contact author(s)
- r altawy @ gmail com
- History
- 2014-10-28: received
- Short URL
- https://ia.cr/2014/879
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2014/879,
author = {Riham AlTawy and Amr M. Youssef},
title = {Watch your Constants: Malicious Streebog},
howpublished = {Cryptology {ePrint} Archive, Paper 2014/879},
year = {2014},
url = {https://eprint.iacr.org/2014/879}
}
