Cryptanalysis of GOST2

Tomer Ashur, Achiya Bar-On, Orr Dunkelman

Research output: Contribution to journalArticlepeer-review


GOST 28147 is a 256-bit key 64-bit block cipher developed by the USSR, later adopted by the Russian government as a national standard. In 2010, GOST was suggested to be included in ISO/IEC 18033-3, but was rejected due to weaknesses found in its key schedule. In 2015, a new version of GOST was suggested with the purpose of mitigating such attacks. In this paper, we show that similar weaknesses exist in the new version as well. More specifically, we present a fixed-point attack on the full cipher with time complexity of 2<sup>237</sup> encryptions. We also present a reflection attack with time complexity of 2<sup>192</sup> for a key that is chosen from a class of 2<sup>224</sup> weak keys. Finally, we discuss an impossible reflection attack which improves on exhaustive search by a factor of 2<em>e</em>, and several possible related-key attacks.
Original languageEnglish
Pages (from-to)203-214
Number of pages12
JournalIACR Transactions on Symmetric Cryptology
Issue number1
StatePublished - 8 Mar 2017


Dive into the research topics of 'Cryptanalysis of GOST2'. Together they form a unique fingerprint.

Cite this