Improved attacks on full GOST

Itai Dinur, Orr Dunkelman, Adi Shamir

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


GOST is a well known block cipher which was developed in the Soviet Union during the 1970's as an alternative to the US-developed DES. In spite of considerable cryptanalytic effort, until very recently there were no published single key attacks against its full 32-round version which were faster than the 2 256 time complexity of exhaustive search. In February 2011, Isobe used the previously discovered reflection property in order to develop the first such attack, which requires 2 32 data, 2 64 memory and 2 224 time. In this paper we introduce a new fixed point property and a better way to attack 8-round GOST in order to find improved attacks on full GOST: Given 2 32 data we can reduce the memory complexity from an impractical 2 64 to a practical 2 36 without changing the 2 224 time complexity, and given 2 64 data we can simultaneously reduce the time complexity to 2 192 and the memory complexity to 2 36.

Original languageEnglish
Title of host publicationFast Software Encryption - 19th International Workshop, FSE 2012, Revised Selected Papers
Number of pages20
StatePublished - 2012
Event19th International Workshop on Fast Software Encryption, FSE 2012 - Washington, DC, United States
Duration: 19 Mar 201221 Mar 2012

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7549 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference19th International Workshop on Fast Software Encryption, FSE 2012
Country/TerritoryUnited States
CityWashington, DC


  • 2D meet in the middle attack
  • Block cipher
  • GOST
  • cryptanalysis
  • fixed point property
  • reflection property

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Improved attacks on full GOST'. Together they form a unique fingerprint.

Cite this