2320:
255:
security, the S-boxes can be kept secret. In the original standard where GOST was specified, no S-boxes were given, but they were to be supplied somehow. This led to speculation that organizations the government wished to spy on were given weak S-boxes. One GOST chip manufacturer reported that he generated S-boxes himself using a
685:
Until 2011 researchers unanimously agreed that GOST could or should be very secure, which was summarised in 2010 in these words: despite considerable cryptanalytic efforts spent in the past 20 years, GOST is still not broken". Unhappily, it was recently discovered that GOST can be broken and is a
506:
Until 2011 researchers unanimously agreed that GOST could or should be very secure, which was summarised in 2010 in these words: despite considerable cryptanalytic efforts spent in the past 20 years, GOST is still not broken". Unhappily, it was recently discovered that GOST can be broken and is a
254:
The S-boxes accept a four-bit input and produce a four-bit output. The S-box substitution in the round function consists of eight 4 Ă— 4 S-boxes. The S-boxes are implementation-dependent, thus parties that want to secure their communications using GOST must be using the same S-boxes. For extra
452:
In
December 2012, Courtois, Gawinecki, and Song improved attacks on GOST by computing only 2 GOST rounds. Isobe had already published a single key attack on the full GOST cipher, which Dinur, Dunkelman, and Shamir improved upon, reaching 2 time complexity for 2 data and 2 memory, and 2 time
433:
The latest cryptanalysis of GOST shows that it is secure in a theoretical sense. In practice, the data and memory complexity of the best published attacks has reached the level of practical, while the time complexity of even the best attack is still 2 when 2 data is available.
250:
The subkeys are chosen in a pre-specified order. The key schedule is very simple: break the 256-bit key into eight 32-bit subkeys, and each subkey is used four times in the algorithm; the first 24 rounds use the key words in order, the last 8 rounds use them in reverse order.
38:
573:
456:
Since the attacks reduce the expected strength from 2 (key length) to around 2, the cipher can be considered broken. However, this attack is not feasible in practice, as the number of tests to be performed 2 is out of reach.
444:
In 2011 several authors discovered more significant flaws in GOST, being able to attack the full 32-round GOST with arbitrary keys for the first time. It has even been called "a deeply flawed cipher" by
155:
In 2011 several authors discovered more significant flaws in GOST, being able to attack the full 32-round GOST with arbitrary keys for the first time. It has even been called "a deeply flawed cipher" by
449:. Initial attacks were able to reduce time complexity from 2 to 2 at the cost of huge memory requirements, and soon they were improved up to 2 time complexity (at the cost of 2 memory and 2 data).
247:
2, put the result through a layer of S-boxes, and rotate that result left by 11 bits. The result of that is the output of the round function. In the adjacent diagram, one line represents 32 bits.
236:(16!)) bits of secret information, so the effective key size can be increased to 610 bits; however, a chosen-key attack can recover the contents of the S-boxes in approximately 2 encryptions.
2300:
2130:
751:
725:
703:
680:
501:
460:
Note that for any block cipher with block size of n bits, the maximum amount of plaintext that can be encrypted before rekeying must take place is 2 blocks, due to the
1983:
1918:
999:
553:
Fleischmann, Ewan; Gorski, Michael; HĂĽhne, Jan-Hendrik; Lucks, Stefan (2009). "Key
Recovery Attack on Full GOST Block Cipher with Zero Time and Memory".
185:
with a block size of 64 bits. The original standard, published in 1989, did not give the cipher any name, but the most recent revision of the standard,
1745:
1101:
200:
Developed in the 1970s, the standard had been marked "Top Secret" and then downgraded to "Secret" in 1990. Shortly after the dissolution of the
1735:
1229:
842:
807:
622:
1636:
1898:
1872:
1740:
859:"Draft of ISO/IEC JTC 1/SC 27 Standing Document No. 12 (SD12) on the Assessment of Cryptographic Techniques and Key Lengths, 4th edition"
1713:
1976:
1882:
992:
1761:
578:
We show that a simple "black box" chosen-key attack against GOST can recover secret S-boxes with approximately 2^32 encryptions
522:
2179:
1939:
2353:
256:
1969:
1029:
2295:
2250:
2063:
1825:
985:
2174:
1842:
1752:
1730:
1043:
858:
2290:
1847:
1703:
1656:
1131:
221:
117:
2358:
2280:
2270:
2125:
1913:
1795:
1670:
1039:
209:
959:
An open source implementation of PKCS#11 software device with
Russian GOST cryptography standards capabilities
2363:
2275:
2265:
2068:
2028:
2021:
2011:
2006:
1852:
1641:
1012:
204:, it was declassified and it was released to the public in 1994. GOST 28147 was a Soviet alternative to the
2348:
2016:
1944:
1820:
1815:
1767:
263:
1616:
2323:
2169:
2115:
1934:
1757:
1194:
948:
584:
612:
2285:
2209:
1837:
1720:
1646:
1329:
1309:
190:
137:
81:
2048:
1800:
1777:
905:
437:
Since 2007, several attacks have been developed against reduced-round GOST implementations and/or
2154:
2138:
2085:
1785:
1693:
1405:
1334:
1304:
1249:
953:
244:
2214:
2204:
2075:
1505:
1204:
1164:
1159:
1126:
1086:
1034:
838:
803:
618:
639:
2149:
1877:
1772:
1651:
1510:
1390:
1359:
1053:
922:
828:
795:
461:
446:
157:
193:
is based on this cipher. The new standard also specifies a new 128-bit block cipher called
1724:
1708:
1697:
1631:
1590:
1555:
1485:
1465:
1339:
1219:
1214:
1169:
766:
597:
240:
130:
2224:
2144:
2105:
2053:
2038:
1862:
1810:
1621:
1606:
1545:
1540:
1425:
1174:
2342:
2305:
2260:
2219:
2199:
2095:
2058:
2033:
1857:
1805:
1684:
1666:
1455:
1430:
1420:
1244:
1234:
1081:
205:
179:
148:
657:
529:
2255:
2100:
2090:
2080:
2043:
1992:
1790:
1611:
1575:
1440:
1319:
1274:
1106:
1058:
1008:
182:
823:
Dinur, Itai; Dunkelman, Orr; Shamir, Adi (2012). "Improved
Attacks on Full GOST".
799:
2234:
1400:
1395:
1279:
833:
673:"Security Evaluation of GOST 28147-89 In View Of International Standardisation"
494:"Security Evaluation of GOST 28147-89 In View Of International Standardisation"
2194:
2164:
2159:
2120:
1832:
1550:
1490:
1374:
1369:
1314:
1184:
1047:
225:
194:
85:
927:
790:
Isobe, Takanori (2011). "A Single-Key Attack on the Full GOST Block Cipher".
17:
2184:
1565:
1560:
1450:
1364:
1259:
1239:
914:
2229:
2189:
1903:
1867:
1661:
1324:
1199:
1179:
1091:
949:
Description, texts of the standard, online GOST encrypt and decrypt tools
438:
189:(RFC 7801, RFC 8891), specifies that it may be referred to as Magma. The
107:
963:
37:
1570:
1520:
1480:
1470:
1415:
1410:
1254:
1063:
794:. Lecture Notes in Computer Science. Vol. 6733. pp. 290–305.
740:
614:
Applied cryptography : protocols, algorithms, and source code in C
966:— open-source implementation of Russian GOST cryptography for OpenSSL.
718:
2110:
1908:
1530:
1525:
1460:
1445:
1435:
1380:
1354:
1349:
1344:
1224:
1209:
918:
896:
887:
243:
of 32 rounds. Its round function is very simple: add a 32-bit subkey
827:. Lecture Notes in Computer Science. Vol. 7549. pp. 9–28.
958:
895:
Popov, Vladimir; Leontiev, Serguei; Kurepkin, Igor (January 2006).
888:"RFC 5830: GOST 28147-89 encryption, decryption and MAC algorithms"
878:
464:, and none of the aforementioned attacks require less than 2 data.
1626:
1585:
1535:
1515:
1500:
1289:
1269:
1189:
1154:
699:
672:
493:
349:, adds the missing S-box specification and defines it as follows.
229:
897:"RFC 4357: Additional Cryptographic Algorithms for Use with GOST"
767:"CONTRADICTION IMMUNITY AND GUESS-THEN-DETERMINE ATTACKS ON GOST"
1475:
1384:
1299:
1294:
1284:
1264:
1136:
1121:
473:
201:
95:
58:
1965:
981:
765:
Nicolas T. Courtois; Jerzy A. Gawinecki; Guangyan Song (2012).
1580:
1495:
1116:
1111:
62:
36:
741:"Algebraic Complexity Reduction and Cryptanalysis of GOST"
574:"A chosen key attack against the secret S-boxes of GOST"
178:(RFC 5830), is a Soviet and Russian government standard
2131:
Cryptographically secure pseudorandom number generator
969:
2243:
1999:
1927:
1891:
1680:
1599:
1145:
1072:
1020:
345:However, the most recent revision of the standard,
146:
136:
126:
116:
106:
101:
91:
77:
69:
54:
49:
638:Eli Biham; Orr Dunkelman; Nathan Keller (2007).
212:. Thus, the two are very similar in structure.
719:"An Improved Differential Attack on Full GOST"
232:can be secret, and they contain about 354 (log
1977:
993:
904:Alex Biryukov & David Wagner (May 2000).
27:Soviet/Russian national standard block cipher
8:
698:Nicolas T. Courtois; Michał Miształ (2011).
30:
1984:
1970:
1962:
1000:
986:
978:
974:
970:
658:"Reflection Cryptanalysis of Some Ciphers"
926:
913:. Advances in Cryptology, Proceedings of
832:
517:
515:
881:. Rudolf Nickolaev, WebCrypto GOST team.
351:
268:
617:(2. ed., ed.). New York : Wiley.
484:
593:
582:
29:
964:https://github.com/gost-engine/engine
921:: Springer-Verlag. pp. 589–606.
739:Courtois, Nicolas T. (Jun 13, 2011).
7:
700:"Differential Cryptanalysis of GOST"
671:Courtois, Nicolas T. (9 May 2011).
492:Courtois, Nicolas T. (9 May 2011).
523:"GOST R 34.12-2015 (Russian only)"
264:Central Bank of Russian Federation
25:
2319:
2318:
572:Saarinen, Markku-Juhani (1998).
422:1 7 E D 0 5 8 3 4 F A 6 9 C B 2
414:8 E 2 5 6 9 1 C F 4 B 0 D A 3 7
406:5 D F 6 9 2 C A B 7 8 1 4 3 E 0
398:7 F 5 A 8 1 6 D 0 9 3 E B 4 2 C
390:C 8 2 1 D 4 F 6 7 0 A 5 3 E 9 B
382:B 3 5 8 2 F A D E 1 7 4 C 9 6 0
374:6 8 2 3 9 A 5 C 1 E 4 7 B D 0 F
366:C 4 6 2 A 5 B 9 E 8 D 7 0 3 F 1
339:1 F D 0 5 7 A 4 9 2 3 E 6 B 8 C
331:D B 4 1 3 F 5 9 0 A E 7 6 8 2 C
323:4 B A 0 7 2 1 D 3 6 8 5 9 C F E
315:6 C 7 1 5 F D 8 4 A 9 E 0 3 B 2
307:7 D A 1 0 8 9 F E 4 6 C B 2 5 3
299:5 8 1 D A 3 4 2 E F C 7 6 0 9 B
291:E B 4 C 6 D F A 2 3 8 1 0 7 5 9
283:4 A 9 2 D 8 0 E 6 B 1 C 7 F 5 3
886:Dolmatov, Vasily (March 2010).
2180:Information-theoretic security
1:
266:used the following S-boxes:
257:pseudorandom number generator
800:10.1007/978-3-642-21702-9_17
717:Nicolas T. Courtois (2012).
2296:Message authentication code
2251:Cryptographic hash function
2064:Cryptographic hash function
834:10.1007/978-3-642-34047-5_2
174:), defined in the standard
2380:
2175:Harvest now, decrypt later
2314:
2291:Post-quantum cryptography
1961:
1883:Time/memory/data tradeoff
977:
973:
748:Cryptology ePrint Archive
677:Cryptology ePrint Archive
498:Cryptology ePrint Archive
154:
73:1994-05-23 (declassified)
35:
2281:Quantum key distribution
2271:Authenticated encryption
2126:Random number generation
1671:Whitening transformation
928:10.1007/3-540-45539-6_41
879:"WebCrypto GOST Library"
825:Fast Software Encryption
792:Fast Software Encryption
640:"Improved Slide Attacks"
611:Schneier, Bruce (1996).
555:Published as ISO/IEC JTC
358:GOST R 34.12-2015 S-box
2276:Public-key cryptography
2266:Symmetric-key algorithm
2069:Key derivation function
2029:Cryptographic primitive
2022:Authentication protocol
2012:Outline of cryptography
2007:History of cryptography
1642:Confusion and diffusion
453:complexity for 2 data.
2017:Cryptographic protocol
907:Advanced Slide Attacks
592:Cite journal requires
41:
2170:End-to-end encryption
2116:Cryptojacking malware
1935:Initialization vector
954:SCAN's entry for GOST
429:Cryptanalysis of GOST
40:
31:GOST 28147-89 (Magma)
2354:Broken block ciphers
2286:Quantum cryptography
2210:Trusted timestamping
1714:3-subset MITM attack
1330:Intel Cascade Cipher
1310:Hasty Pudding cipher
686:deeply flawed cipher
507:deeply flawed cipher
208:standard algorithm,
2049:Cryptographic nonce
1753:Differential-linear
656:Orhun Kara (2008).
32:
2155:Subliminal channel
2139:Pseudorandom noise
2086:Key (cryptography)
1826:Differential-fault
1044:internal mechanics
220:GOST has a 64-bit
191:GOST hash function
82:GOST hash function
42:
2336:
2335:
2332:
2331:
2215:Key-based routing
2205:Trapdoor function
2076:Digital signature
1957:
1956:
1953:
1952:
1940:Mode of operation
1617:Lai–Massey scheme
844:978-3-642-34046-8
809:978-3-642-21701-2
624:978-0-471-11709-4
426:
425:
347:GOST R 34.12-2015
343:
342:
262:For example, the
228:of 256 bits. Its
187:GOST R 34.12-2015
168:GOST block cipher
164:
163:
16:(Redirected from
2371:
2322:
2321:
2150:Insecure channel
1986:
1979:
1972:
1963:
1811:Power-monitoring
1652:Avalanche effect
1360:Khufu and Khafre
1013:security summary
1002:
995:
988:
979:
975:
971:
938:
936:
935:
930:
912:
900:
891:
882:
866:
865:
863:
855:
849:
848:
836:
820:
814:
813:
787:
781:
780:
778:
777:
771:
762:
756:
755:
745:
736:
730:
729:
723:
714:
708:
707:
695:
689:
688:
668:
662:
661:
653:
647:
646:
644:
635:
629:
628:
608:
602:
601:
595:
590:
588:
580:
569:
563:
562:
550:
544:
543:
541:
540:
534:
528:. Archived from
527:
519:
510:
509:
489:
462:birthday paradox
447:Nicolas Courtois
352:
269:
158:Nicolas Courtois
65:, 8th Department
33:
21:
2379:
2378:
2374:
2373:
2372:
2370:
2369:
2368:
2359:Feistel ciphers
2339:
2338:
2337:
2328:
2310:
2239:
1995:
1990:
1949:
1923:
1892:Standardization
1887:
1816:Electromagnetic
1768:Integral/Square
1725:Piling-up lemma
1709:Biclique attack
1698:EFF DES cracker
1682:
1676:
1607:Feistel network
1595:
1220:CIPHERUNICORN-E
1215:CIPHERUNICORN-A
1147:
1141:
1074:
1068:
1022:
1016:
1006:
945:
933:
931:
910:
903:
894:
885:
877:
874:
872:Further reading
869:
861:
857:
856:
852:
845:
822:
821:
817:
810:
789:
788:
784:
775:
773:
769:
764:
763:
759:
743:
738:
737:
733:
721:
716:
715:
711:
697:
696:
692:
670:
669:
665:
655:
654:
650:
642:
637:
636:
632:
625:
610:
609:
605:
591:
581:
571:
570:
566:
552:
551:
547:
538:
536:
532:
525:
521:
520:
513:
491:
490:
486:
482:
470:
431:
241:Feistel network
235:
218:
131:Feistel network
70:First published
45:
44:Diagram of GOST
28:
23:
22:
15:
12:
11:
5:
2377:
2375:
2367:
2366:
2364:GOST standards
2361:
2356:
2351:
2341:
2340:
2334:
2333:
2330:
2329:
2327:
2326:
2315:
2312:
2311:
2309:
2308:
2303:
2301:Random numbers
2298:
2293:
2288:
2283:
2278:
2273:
2268:
2263:
2258:
2253:
2247:
2245:
2241:
2240:
2238:
2237:
2232:
2227:
2225:Garlic routing
2222:
2217:
2212:
2207:
2202:
2197:
2192:
2187:
2182:
2177:
2172:
2167:
2162:
2157:
2152:
2147:
2145:Secure channel
2142:
2136:
2135:
2134:
2123:
2118:
2113:
2108:
2106:Key stretching
2103:
2098:
2093:
2088:
2083:
2078:
2073:
2072:
2071:
2066:
2056:
2054:Cryptovirology
2051:
2046:
2041:
2039:Cryptocurrency
2036:
2031:
2026:
2025:
2024:
2014:
2009:
2003:
2001:
1997:
1996:
1991:
1989:
1988:
1981:
1974:
1966:
1959:
1958:
1955:
1954:
1951:
1950:
1948:
1947:
1942:
1937:
1931:
1929:
1925:
1924:
1922:
1921:
1916:
1911:
1906:
1901:
1895:
1893:
1889:
1888:
1886:
1885:
1880:
1875:
1870:
1865:
1860:
1855:
1850:
1845:
1840:
1835:
1830:
1829:
1828:
1823:
1818:
1813:
1808:
1798:
1793:
1788:
1783:
1775:
1770:
1765:
1758:Distinguishing
1755:
1750:
1749:
1748:
1743:
1738:
1728:
1718:
1717:
1716:
1711:
1701:
1690:
1688:
1678:
1677:
1675:
1674:
1664:
1659:
1654:
1649:
1644:
1639:
1634:
1629:
1624:
1622:Product cipher
1619:
1614:
1609:
1603:
1601:
1597:
1596:
1594:
1593:
1588:
1583:
1578:
1573:
1568:
1563:
1558:
1553:
1548:
1543:
1538:
1533:
1528:
1523:
1518:
1513:
1508:
1503:
1498:
1493:
1488:
1483:
1478:
1473:
1468:
1463:
1458:
1453:
1448:
1443:
1438:
1433:
1428:
1423:
1418:
1413:
1408:
1403:
1398:
1393:
1388:
1377:
1372:
1367:
1362:
1357:
1352:
1347:
1342:
1337:
1332:
1327:
1322:
1317:
1312:
1307:
1302:
1297:
1292:
1287:
1282:
1277:
1272:
1267:
1262:
1257:
1252:
1250:Cryptomeria/C2
1247:
1242:
1237:
1232:
1227:
1222:
1217:
1212:
1207:
1202:
1197:
1192:
1187:
1182:
1177:
1172:
1167:
1162:
1157:
1151:
1149:
1143:
1142:
1140:
1139:
1134:
1129:
1124:
1119:
1114:
1109:
1104:
1099:
1094:
1089:
1084:
1078:
1076:
1070:
1069:
1067:
1066:
1061:
1056:
1051:
1037:
1032:
1026:
1024:
1018:
1017:
1007:
1005:
1004:
997:
990:
982:
968:
967:
961:
956:
951:
944:
943:External links
941:
940:
939:
901:
892:
883:
873:
870:
868:
867:
850:
843:
815:
808:
782:
757:
731:
709:
690:
663:
648:
630:
623:
603:
594:|journal=
564:
545:
511:
483:
481:
478:
477:
476:
474:GOST standards
469:
466:
430:
427:
424:
423:
420:
416:
415:
412:
408:
407:
404:
400:
399:
396:
392:
391:
388:
384:
383:
380:
376:
375:
372:
368:
367:
364:
360:
359:
356:
341:
340:
337:
333:
332:
329:
325:
324:
321:
317:
316:
313:
309:
308:
305:
301:
300:
297:
293:
292:
289:
285:
284:
281:
277:
276:
273:
233:
217:
214:
162:
161:
152:
151:
144:
143:
140:
134:
133:
128:
124:
123:
120:
114:
113:
110:
104:
103:
99:
98:
93:
89:
88:
79:
75:
74:
71:
67:
66:
56:
52:
51:
47:
46:
43:
26:
24:
14:
13:
10:
9:
6:
4:
3:
2:
2376:
2365:
2362:
2360:
2357:
2355:
2352:
2350:
2349:Block ciphers
2347:
2346:
2344:
2325:
2317:
2316:
2313:
2307:
2306:Steganography
2304:
2302:
2299:
2297:
2294:
2292:
2289:
2287:
2284:
2282:
2279:
2277:
2274:
2272:
2269:
2267:
2264:
2262:
2261:Stream cipher
2259:
2257:
2254:
2252:
2249:
2248:
2246:
2242:
2236:
2233:
2231:
2228:
2226:
2223:
2221:
2220:Onion routing
2218:
2216:
2213:
2211:
2208:
2206:
2203:
2201:
2200:Shared secret
2198:
2196:
2193:
2191:
2188:
2186:
2183:
2181:
2178:
2176:
2173:
2171:
2168:
2166:
2163:
2161:
2158:
2156:
2153:
2151:
2148:
2146:
2143:
2140:
2137:
2132:
2129:
2128:
2127:
2124:
2122:
2119:
2117:
2114:
2112:
2109:
2107:
2104:
2102:
2099:
2097:
2096:Key generator
2094:
2092:
2089:
2087:
2084:
2082:
2079:
2077:
2074:
2070:
2067:
2065:
2062:
2061:
2060:
2059:Hash function
2057:
2055:
2052:
2050:
2047:
2045:
2042:
2040:
2037:
2035:
2034:Cryptanalysis
2032:
2030:
2027:
2023:
2020:
2019:
2018:
2015:
2013:
2010:
2008:
2005:
2004:
2002:
1998:
1994:
1987:
1982:
1980:
1975:
1973:
1968:
1967:
1964:
1960:
1946:
1943:
1941:
1938:
1936:
1933:
1932:
1930:
1926:
1920:
1917:
1915:
1912:
1910:
1907:
1905:
1902:
1900:
1897:
1896:
1894:
1890:
1884:
1881:
1879:
1876:
1874:
1871:
1869:
1866:
1864:
1861:
1859:
1856:
1854:
1851:
1849:
1846:
1844:
1841:
1839:
1838:Interpolation
1836:
1834:
1831:
1827:
1824:
1822:
1819:
1817:
1814:
1812:
1809:
1807:
1804:
1803:
1802:
1799:
1797:
1794:
1792:
1789:
1787:
1784:
1782:
1781:
1776:
1774:
1771:
1769:
1766:
1763:
1759:
1756:
1754:
1751:
1747:
1744:
1742:
1739:
1737:
1734:
1733:
1732:
1729:
1726:
1722:
1719:
1715:
1712:
1710:
1707:
1706:
1705:
1702:
1699:
1695:
1692:
1691:
1689:
1686:
1685:cryptanalysis
1679:
1672:
1668:
1667:Key whitening
1665:
1663:
1660:
1658:
1655:
1653:
1650:
1648:
1645:
1643:
1640:
1638:
1635:
1633:
1630:
1628:
1625:
1623:
1620:
1618:
1615:
1613:
1610:
1608:
1605:
1604:
1602:
1598:
1592:
1589:
1587:
1584:
1582:
1579:
1577:
1574:
1572:
1569:
1567:
1564:
1562:
1559:
1557:
1554:
1552:
1549:
1547:
1544:
1542:
1539:
1537:
1534:
1532:
1529:
1527:
1524:
1522:
1519:
1517:
1514:
1512:
1509:
1507:
1504:
1502:
1499:
1497:
1494:
1492:
1489:
1487:
1484:
1482:
1479:
1477:
1474:
1472:
1469:
1467:
1464:
1462:
1459:
1457:
1456:New Data Seal
1454:
1452:
1449:
1447:
1444:
1442:
1439:
1437:
1434:
1432:
1429:
1427:
1424:
1422:
1419:
1417:
1414:
1412:
1409:
1407:
1404:
1402:
1399:
1397:
1394:
1392:
1389:
1386:
1382:
1378:
1376:
1373:
1371:
1368:
1366:
1363:
1361:
1358:
1356:
1353:
1351:
1348:
1346:
1343:
1341:
1338:
1336:
1333:
1331:
1328:
1326:
1323:
1321:
1318:
1316:
1313:
1311:
1308:
1306:
1303:
1301:
1298:
1296:
1293:
1291:
1288:
1286:
1283:
1281:
1278:
1276:
1273:
1271:
1268:
1266:
1263:
1261:
1258:
1256:
1253:
1251:
1248:
1246:
1243:
1241:
1238:
1236:
1233:
1231:
1228:
1226:
1223:
1221:
1218:
1216:
1213:
1211:
1208:
1206:
1203:
1201:
1198:
1196:
1195:BEAR and LION
1193:
1191:
1188:
1186:
1183:
1181:
1178:
1176:
1173:
1171:
1168:
1166:
1163:
1161:
1158:
1156:
1153:
1152:
1150:
1144:
1138:
1135:
1133:
1130:
1128:
1125:
1123:
1120:
1118:
1115:
1113:
1110:
1108:
1105:
1103:
1100:
1098:
1095:
1093:
1090:
1088:
1085:
1083:
1080:
1079:
1077:
1071:
1065:
1062:
1060:
1057:
1055:
1052:
1049:
1045:
1041:
1038:
1036:
1033:
1031:
1028:
1027:
1025:
1019:
1014:
1010:
1009:Block ciphers
1003:
998:
996:
991:
989:
984:
983:
980:
976:
972:
965:
962:
960:
957:
955:
952:
950:
947:
946:
942:
929:
924:
920:
916:
909:
908:
902:
898:
893:
889:
884:
880:
876:
875:
871:
860:
854:
851:
846:
840:
835:
830:
826:
819:
816:
811:
805:
801:
797:
793:
786:
783:
768:
761:
758:
753:
749:
742:
735:
732:
727:
720:
713:
710:
705:
701:
694:
691:
687:
682:
678:
674:
667:
664:
659:
652:
649:
641:
634:
631:
626:
620:
616:
615:
607:
604:
599:
586:
579:
575:
568:
565:
560:
556:
549:
546:
535:on 2015-09-24
531:
524:
518:
516:
512:
508:
503:
499:
495:
488:
485:
479:
475:
472:
471:
467:
465:
463:
458:
454:
450:
448:
442:
440:
435:
428:
421:
418:
417:
413:
410:
409:
405:
402:
401:
397:
394:
393:
389:
386:
385:
381:
378:
377:
373:
370:
369:
365:
362:
361:
357:
354:
353:
350:
348:
338:
335:
334:
330:
327:
326:
322:
319:
318:
314:
311:
310:
306:
303:
302:
298:
295:
294:
290:
287:
286:
282:
279:
278:
274:
271:
270:
267:
265:
260:
258:
252:
248:
246:
242:
237:
231:
227:
223:
216:The algorithm
215:
213:
211:
207:
206:United States
203:
198:
196:
192:
188:
184:
181:
180:symmetric key
177:
176:GOST 28147-89
173:
169:
159:
153:
150:
149:cryptanalysis
145:
141:
139:
135:
132:
129:
125:
121:
119:
115:
111:
109:
105:
102:Cipher detail
100:
97:
96:GOST standard
94:
92:Certification
90:
87:
83:
80:
76:
72:
68:
64:
60:
57:
53:
48:
39:
34:
19:
18:GOST 28147-89
2256:Block cipher
2101:Key schedule
2091:Key exchange
2081:Kleptography
2044:Cryptosystem
1993:Cryptography
1843:Partitioning
1801:Side-channel
1779:
1746:Higher-order
1731:Differential
1612:Key schedule
1096:
932:. Retrieved
906:
853:
824:
818:
791:
785:
774:. Retrieved
760:
747:
734:
712:
693:
684:
676:
666:
651:
633:
613:
606:
585:cite journal
577:
567:
558:
554:
548:
537:. Retrieved
530:the original
505:
497:
487:
459:
455:
451:
443:
436:
432:
346:
344:
261:
253:
249:
238:
219:
199:
186:
183:block cipher
175:
171:
167:
165:
147:Best public
2244:Mathematics
2235:Mix network
1928:Utilization
1914:NSA Suite B
1899:AES process
1848:Rubber-hose
1786:Related-key
1694:Brute-force
1073:Less common
118:Block sizes
2343:Categories
2195:Ciphertext
2165:Decryption
2160:Encryption
2121:Ransomware
1878:Chi-square
1796:Rotational
1736:Impossible
1657:Block size
1551:Spectr-H64
1375:Ladder-DES
1370:Kuznyechik
1315:Hierocrypt
1185:BassOmatic
1148:algorithms
1075:algorithms
1048:Triple DES
1023:algorithms
934:2007-09-03
776:2014-08-25
539:2015-08-28
480:References
239:GOST is a
226:key length
222:block size
195:Kuznyechik
86:Kuznyechik
78:Successors
2185:Plaintext
1853:Black-bag
1773:Boomerang
1762:Known-key
1741:Truncated
1566:Threefish
1561:SXAL/MBAL
1451:MultiSwap
1406:MacGuffin
1365:KN-Cipher
1305:Grand Cru
1260:CS-Cipher
1240:COCONUT98
915:EUROCRYPT
772:. Versita
439:weak keys
127:Structure
108:Key sizes
55:Designers
2324:Category
2230:Kademlia
2190:Codetext
2133:(CSPRNG)
1904:CRYPTREC
1868:Weak key
1821:Acoustic
1662:Key size
1506:Red Pike
1325:IDEA NXT
1205:Chiasmus
1200:CAST-256
1180:BaseKing
1165:Akelarre
1160:Adiantum
1127:Skipjack
1092:CAST-128
1087:Camellia
1035:Blowfish
468:See also
112:256 bits
2000:General
1945:Padding
1863:Rebound
1571:Treyfer
1521:SAVILLE
1481:PRESENT
1471:NOEKEON
1416:MAGENTA
1411:Madryga
1391:Lucifer
1255:CRYPTON
1064:Twofish
1054:Serpent
899:. IETF.
890:. IETF.
864:. 2016.
230:S-boxes
122:64 bits
50:General
2111:Keygen
1909:NESSIE
1858:Davies
1806:Timing
1721:Linear
1681:Attack
1600:Design
1591:Zodiac
1556:Square
1531:SHACAL
1526:SC2000
1486:Prince
1466:Nimbus
1461:NewDES
1446:MULTI2
1436:MISTY1
1379:LOKI (
1355:KHAZAD
1350:KeeLoq
1345:KASUMI
1340:Kalyna
1225:CLEFIA
1210:CIKS-1
1170:Anubis
1021:Common
919:Bruges
917:2000.
841:
806:
621:
275:S-box
245:modulo
224:and a
138:Rounds
2141:(PRN)
1791:Slide
1647:Round
1632:P-box
1627:S-box
1586:XXTEA
1546:Speck
1541:Simon
1536:SHARK
1516:SAFER
1501:REDOC
1426:Mercy
1385:89/91
1335:Iraqi
1300:G-DES
1290:FEA-M
1270:DES-X
1235:Cobra
1190:BATON
1175:Ascon
1155:3-Way
1146:Other
911:(PDF)
862:(PDF)
770:(PDF)
744:(PDF)
722:(PDF)
643:(PDF)
533:(PDF)
526:(PDF)
172:Magma
1919:CNSA
1778:Mod
1704:MITM
1476:NUSH
1431:MESH
1421:MARS
1295:FROG
1285:FEAL
1265:DEAL
1245:Crab
1230:CMEA
1137:XTEA
1122:SEED
1102:IDEA
1097:GOST
1082:ARIA
839:ISBN
804:ISBN
752:IACR
726:IACR
704:IACR
681:IACR
619:ISBN
598:help
502:IACR
202:USSR
166:The
59:USSR
1873:Tau
1833:XSL
1637:SPN
1581:xmx
1576:UES
1511:S-1
1496:RC2
1441:MMB
1320:ICE
1275:DFC
1132:TEA
1117:RC6
1112:RC5
1107:LEA
1059:SM4
1040:DES
1030:AES
923:doi
829:doi
796:doi
210:DES
197:.
63:KGB
2345::
1401:M8
1396:M6
1383:,
1381:97
1280:E2
1046:,
837:.
802:.
750:.
746:.
724:.
702:.
683:.
679:.
675:.
589::
587:}}
583:{{
576:.
557:.
514:^
504:.
500:.
496:.
441:.
419:8
411:7
403:6
395:5
387:4
379:3
371:2
363:1
355:#
336:8
328:7
320:6
312:5
304:4
296:3
288:2
280:1
272:#
259:.
142:32
84:,
61:,
1985:e
1978:t
1971:v
1780:n
1764:)
1760:(
1727:)
1723:(
1700:)
1696:(
1687:)
1683:(
1673:)
1669:(
1491:Q
1387:)
1050:)
1042:(
1015:)
1011:(
1001:e
994:t
987:v
937:.
925::
847:.
831::
812:.
798::
779:.
754:.
728:.
706:.
660:.
645:.
627:.
600:)
596:(
561:.
559:1
542:.
234:2
170:(
160:.
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.