Streebog
| General | |
|---|---|
| Designers | FSB, InfoTeCS JSC |
| First published | 2012 |
| Related to | GOST |
| Certification | GOST standard |
| Detail | |
| Digest sizes | 256 and 512 |
| Rounds | 12 |
| Best public cryptanalysis | |
| Second preimage attack with 2266time complexity. | |
Streebog is a cryptographic hash function defined in the Russian national standard GOST R 34.11-2012 Information Technology - Cryptographic Information Security - Hash Function. It was created to replace an obsolete GOST hash function defined in the old standard GOST R 34.11-94, and as an asymmetric reply to SHA-3 competition by the US National Institute of Standards and Technology. The function is also described in RFC 6986.
Streebog is a family of two hash functions, Streebog-256 and Streebog-512, that produce output 256-bit or 512-bit hash respectively from a bit string of arbitrary size using the Merkle-Damgård construction. The high-level structure of the new hash function resembles the one from GOST R 34.11-94, however, the compression function was changed significantly. The compression function operates in Miyaguchi-Preneel mode and employs a 12-round AES-like cipher.
The function was named Streebog after Stribog, the god of rash wind in ancient Slavic mythology, and is often referred by this name, even though it is not explicitly mentioned in the text of the standard.
Hash values of empty string.
Even a small change in the message will (with overwhelming probability) result in a mostly different hash, due to the avalanche effect. For example, adding a period to the end of the sentence:
In 2013 the Russian Technical Committee for Standardization “Cryptography and Security Mechanisms” (TC 26) with the participation of Academy of Cryptography of the Russian Federation declared an open competition for cryptanalysis of Streebog hash function, which attracted the international attention to the function.
Bingke Ma, Bao Li, Ronglin Hao, and Xiaoqian Li in their work "Improved Cryptanalysis on Reduced-Round GOST and Whirlpool Hash Function" describe a preimage attack that takes 2496 time and 264 memory or 2504 time and 211 memory to find a single preimage of GOST-512 reduced to 6 rounds. They also describe collision attack with 2181time complexity and 264 memory requirement in the same paper.
...
Wikipedia