International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 14 August 2015

Alex Biryukov, Léo Perrin, Aleksei Udovenko
ePrint Report ePrint Report
The last hash function and block cipher standardized by the Russian standardization body (GOST) both use the same S-Box. It is also used by an independent CAESAR candidate. This transformation is only specified as a look up table and the reason behind its choice is unknown.

We managed to reverse-engineer this S-Box and describe its unpublished structure. Our decomposition allows a much more efficient hardware implementation but the choice of the components used is puzzling from a cryptographic perspective.

This extended abstract does not explain \\emph{how} we found this decomposition. We will describe our process in an extended version of this paper.

Expand

Additional news items may be found on the IACR news page.