On security of keyed cryptographic algorithms based on the Streebog hash function against related­-key attacks

V. A. Kiryukhin

Abstract


The keyless hash function Streebog is a core of several keyed cryptographic algorithms that are used as pseudorandom functions (PRF) and message authentication codes (MAC). One example is Streebog­-K proposed at CTCrypt 2022. The proof of its security is based on the reduction to the properties of the underlying compression function. The latter must be secure against related­key attacks (PRF­-RKA) when keying through any of the two inputs. We prove that in both cases the compression function requirement cannot be mitigated from PRF-­RKA to PRF. In addition, if both of these requirements are met, then Streebog­K itself is not only secure PRF, but also resistant to related­key attacks (PRF-­RKA). Similar results are presented for the standardized HMAC-­Streebog cryptographic algorithm

Full Text:

PDF (Russian)

References


GOST R 34.11­2012 – National standard of the Russian Federation – Information technology – Cryptographic data security – Hash function, Moscow: Standartinform, 2012.

R. Merkle, «One way wash functions and DES», in CRYPTO 1989, ser. Lect. Notes Comput. Sci. Vol. 435, 1990, pp. 428–446.

I. Damgård, «A design principle for hash functions», in CRYPTO 1989, ser. Lect. Notes Comput. Sci. Vol. 435, 1990, pp. 416–427.

V. A. Kiryukhin, «Keyed Streebog is a secure PRF and MAC», Mat. vopr. kriptogr. [Mathematical Issues of Cryptography], vol. 14, no. 2, pp. 77–96, 2023.

J. Guo, J. Jean, G. Leurent, T. Peyrin, and L. Wang, «The usage of counter revisited: second­preimage attack on new Russian standardized hash function», in SAC 2014, ser. Lect. Notes Comput. Sci. Vol. 8781, 2014, pp. 195–211.

R 50.1.113­2016 Informacionnaya tekhnologiya. Kriptograficheskaya zashchita informacii. Kriptograficheskie algoritmy, soputstvuyushchie primeneniyu algoritmov elektronnoj cifrovoj podpisi i funkcii heshirovaniya [R 50.1.113­2016 – Information technology – Cryptographic data security – Cryptographic algorithms accompanying the use of electronic digital signature algorithms and hash functions], Moscow: Standartinform, 2016.

M. Bellare, R. Canetti, and H. Krawczyk, «Keying Hash Functions for Message Authentication», in Crypto’96, ser. Lect. Notes Comput. Sci. Vol. 1109, 1996, pp. 1–15.

N. Koblitz and A. Menezes, «Another look at HMAC», J. Math. Cryptol., vol. 7:3, pp. 225–251, 2013.

M. Bellare, «New proofs for NMAC and HMAC: security without collision­resistance», in CRYPTO 2006, ser. Lect. Notes Comput. Sci. Vol. 4117, April 2014, pp. 602–619.

P. Gaži, K. Pietrzak, and M. Rybár, «The Exact PRFSecurity of NMAC and HMAC», in CRYPTO 2014, ser. Lect. Notes Comput. Sci. Vol. 8616, August 2014, pp. 113–130.

M. Nandi, «A New and Improved Reduction Proof of Cascade PRF», Cryptology ePrint Archive: Report 2021/097, 2021.

E. Alekseev, I. Oshkin, V. Popov, and S. Smyshlyaev, «On the cryptographic properties of algorithms accompanying the applications of standards GOST R 34.11­ 2012 and GOST R 34.10­2012», Mat. vopr. kriptogr. [Mathematical Issues of Cryptography], vol. 7, no. 1, pp. 5–38, 2016.

V. A. Kiryukhin, «About “k­bit security” of MACs based on hash function Streebog», Cryptology ePrint Archive, Paper 2023/1305, 2023.

M. Bellare and P. Rogaway, Introduction to Modern Cryptography. 2005.


Refbacks

  • There are currently no refbacks.


Abava  Кибербезопасность IT Congress 2024

ISSN: 2307-8162