GOST

From The ECRYPT Hash Function Website

1 Specification

• digest size: 256 bits
• compression function: 256-bit message block, 256-bit chaining variable
• Specification:

2 Cryptanalysis

2.1 Best Known Results

The best collision attack on GOST was published by Mendel et al. It has complexity of 2¹⁰⁵ compression function evaluations. The best preimage and second preimage attack has complexity of 2¹⁹² compression function evaluations.

2.2 Generic Attacks

• Generic Attacks on the Merkle-Damgaard Construction

2.3 Collision Attacks

In Proceedings of CRYPTO, LNCS 5157, pp. 162-178, Springer, 2008

[Electronic Edition] [Bibtex]

Author : Florian Mendel, Norbert Pramstaller, Christian Rechberger, Marcin Kontak, Janusz Szmidt
Title : Cryptanalysis of the GOST Hash Function
In : In Proceedings of CRYPTO -

[Abstract]

2.4 Second Preimage Attacks

2.5 Preimage Attacks

In Proceedings of FSE, LNCS 5086, pp. 224-234, Springer, 2008

[Electronic Edition] [Bibtex]

Author : Florian Mendel, Norbert Pramstaller, Christian Rechberger
Title : A (Second) Preimage Attack on the GOST Hash Function
In : In Proceedings of FSE -

[Abstract]

2.6 Others

In Proceedings of CT-RSA, LNCS 4964, pp. 36-51, Springer, 2008

[Electronic Edition] [Bibtex]

Author : Praveen Gauravaram, John Kelsey
Title : Linear-XOR and Additive Checksums Don't Protect Damg{\aa}rd-Merkle Hashes from Generic Attacks
In : In Proceedings of CT-RSA -

[Abstract]