[Cryptography] New Results on the Russian S-box

perrin.leo at gmail.com perrin.leo at gmail.com
Sun Mar 24 17:59:31 EDT 2019

Hello everyone,

I have recently sent an e-mail to the CFRG mailing list about my results
on the S-box shared by both of the latest Russian standards in symmetric
crypto and I have been told that it might interest the subscribers of
this mailing list.

In a paper that I am about to present at the Fast Software Encryption
conference, I describe what I claim to be the structure used by the
S-box of the hash function Streebog and the block cipher Kuznyechik.
Their authors never disclosed their design process---and in fact claimed
that it was generated randomly. I established that it is not the case.
More worryingly, the structure they used has a very strong algebraic
structure which, in my opinion, demands a renewed security analysis in
its light. Overall, I would not recommend using these algorithms until
their designers have provided satisfactory explanations about their
S-box choice.

Link to the paper (open access!):

Link to my attempt at vulgarized explanations:

Best regards,

/Léo Perrin

More information about the cryptography mailing list