The development of computing technologies increases the risk of breaking the adopted encryption algorithms, therefore, the corresponding standards have to be regularly updated in order to ensure their reliability.
As computing technology advances, the likelihood of breaking existing encryption algorithms increases continuously. For this purpose, new algorithms for accelerated selection of keys are being developed and new methods of attacks are being invented. However, the power of the latest IT equipment is increasingly making it possible to achieve full brute-force search, especially in a distributed computing environment. Therefore, government agencies, which use standard encryption mechanisms, have to regularly review their reliability to ensure the safety of their secrets, even if modern cryptanalysis methods are used.
In particular, in the United States at the beginning of this century, the more modern AES standard was adopted instead of the outdated and practically cracked DES. The choice of a new encryption standard was completely open and took more than one year. By the time it was completed, several implementations of the algorithm were already ready, which could be used in the development of encryption tools. Similar processes of preparing new encryption standards are taking place in the European Union.
Russian GOST 28147-89 with initially longer keys lasted longer than DES, but, naturally, the time has come to modernize it too. New versions of block ciphers were only published in 2015. At the same time, they were developed by no means publicly and therefore turned out to be a surprise for the market. Nevertheless, already in 2016, the transfer of products using cryptography to new standards began. In this article we will try to assess what impact the new Russian encryption standards will have on the market for cryptographic information protection (CIP).
HASH FUNCTION STORY
First of all, it should be noted that there are several new standards. The first was published GOST R 34.11-2012 for the hash function, which received the unofficial name “Stribog”. The name of the Old Russian deity does not appear clearly in the text of the standard, but the example of using the hash function, which is part of the standard, contains a fragment from “The Lay of Igor’s Campaign.” It is in it that we are talking about this deity. Therefore, the new hash function is now not called any differently, and on its basis even the encryption standard “Stribog” has been developed.
The development of the “Stribog” was carried out by the employees of the “InfoTech’s” company together with the specialists of the FSB. Previously, the hash function, on the basis of which an electronic signature is created, was based on a block cipher in accordance with GOST 28147-89. The new standard includes a complete description of the hashing procedure, carried out in the best traditions of modern encryption – the message compression function provides for three procedures: nonlinear transformation, permutation and linear transformation. It is according to this scheme that modern encryption standards are built. The message is divided into blocks of 512 bits, with which cryptographic transformations are performed. The result is a hash code that is either 256 or 512 bits long. The first option can be used in systems that previously used the 1994 standard and in solutions with limited computing resources. For all other cases, a longer hash code is recommended.
The new standard for the hash function and the corresponding electronic signature has been in effect since January 1, 2013. The transition to it assumes that the developers of tools that use the hash function will release versions with its support and eventually install them on clients. The system of certification of protective equipment also contributes to the transition to new standards. All new encryption tools are accepted for certification only if they implement the new standard. At the same time, the old one, as a rule, is also supported, but it is not recommended to use it. Actually, there are already several implementations of Stribog, including those certified by the FSB. The standard was also adopted by the IETF in the form of RFC 6986, which makes it possible to use this hash function as part of the SSL (TLS) protocol.
GOST WITH “KUZNECHIK”
However, the FSB did not limit itself to updating the hash function and continued to modernize the remaining cryptographic algorithms through the mediation of its TK-26 committee at Rosstandart. In particular, in 2015, a new standard for the block cipher GOST R 34.12-2015 was adopted, in which the old encryption algorithms were named “Magma”, and the new one – “Grasshopper”. This standard has also been developed jointly with the specialists of InfoTech’s and therefore partially uses the developments of Stribog. It also assumes three transformations: nonlinear, permutation, and linear (see Figures 1 and 2).
“Grasshopper” is a block cipher with a block length of 128 bits (in Magma, a block was 64 bits) and a key of 256 bits. A matrix constructed in a Galois field modulo an irreducible polynomial of the eighth degree is used as a nonlinear transformation. Each block of input data is assigned an element of the Galois field, in which a nonlinear transformation is performed (the same as in Stribog). There have already been works where this nonlinear transformation is tested for strength. In the transformation block, it was possible to identify a certain structure, but cryptanalysts have not yet been able to extract practical use from this. As a linear transformation in the “Grasshopper” can be used not only the matrix, but simply the shift of the digits.
In addition to the algorithm itself, the GOST R 34.13-2015 standard was also released in 2015, which defines the modes of using block ciphers. This standard provides for the following modes: simple replacement (ECB) and meshed (CBC) (see Fig. 3), gamma (STR), output feedback (OFB) and ciphertext (CFB), as well as simulated insertion mode. All of these modes involve the use of a block encoder to encode continuous text. At the same time, these modes are consistent with the ISO / IEC 10116: 2006 standard, which allows harmonizing Russian encryption standards with international ones. In particular, RFCs have already been prepared, which define the implementation of the “Grasshopper”. The modes given in the standard allow parallelization of the encryption and decryption process, therefore it is quite possible to implement fast encoding procedures on modern multi-core processors and graphics coprocessors.