**Title: Cryptanalysis of the GOST Hash Function**

**Abstract**

In this talk, we analyze the security of the GOST hash function with respect to preimage resistance and collision resistance. The GOST hash function, defined in the Russian standard GOST-R 34.11-94, is an iterated hash function producing a 256-bit hash value. As opposed to most commonly used hash functions such as MD5 and SHA-1, the GOST hash function defines, in addition to the common iterative structure, a checksum computed over all input message blocks. This checksum is then part of the final hash value computation. For this hash function, we show how to construct second preimages and preimages with a complexity of about 2^225 compression function evaluations. The attacks are independent of the underlying block cipher GOST.

By exploiting the internal structure of the block cipher, we then show an improved preimage attack on the GOST hash function with a complexity of about 2^192. Furthermore, we present a collision attack on the hash function with a complexity of about 2^105 compression function evaluations. This is work in progress.

A copy of the slides can be found here:

mendel_gost.pdf

"MENDEL Florian" is mentioned on: Home | Participants