GOST (hash function)
| General | |
|---|---|
| Designers | FAPSI and VNIIstandart (USSR) |
| First published | 1994-05-23 (declassified) |
| Derived from | GOST block cipher |
| Successors | Streebog |
| Certification | GOST standard |
| Detail | |
| Digest sizes | 256 bits |
| Rounds | 32 |
| Best public cryptanalysis | |
| A 2008 attack breaks the full-round hash function. The paper presents a collision attack in 2105 time, and preimage attacks in 2192 time. | |
The GOST hash function, defined in the standards GOST R 34.11-94 and GOST 34.311-95 is a 256-bit cryptographic hash function. It was initially defined in the Russian national standard GOST R 34.11-94 Information Technology - Cryptographic Information Security - Hash Function. The equivalent standard used by other member-states of the CIS is GOST 34.311-95.
This function must not be confused with a different Streebog hash function, which is defined in the new revision of the standard GOST R 34.11-2012.
The GOST hash function is based on the GOST block cipher.
GOST processes a variable-length message into a fixed-length output of 256 bits. The input message is broken up into chunks of 256-bit blocks (eight 32-bit little endian integers); the message is padded by appending as many zeros to it as are required to bring the length of the message up to 256 bits. The remaining bits are filled up with a 256-bit integer arithmetic sum of all previously hashed blocks and then a 256-bit integer representing the length of the original message, in bits.
The algorithm descriptions uses the following notations:
Further we consider that the little-order bit is located at the left of a block, and the high-order bit at the right.
The input message is split into 256-bit blocks . In the case the last block contains less than 256 bits, it is prepended left by zero bits to achieve the desired length.
...
Wikipedia