This project has moved and is read-only. For the latest updates, please go here.

The most perfect encryption algorithm...

Topics: Feature Requests, Technical Issues
Dec 19, 2015 at 8:34 PM
Was recently completed the development of a new encryption algorithm GOST R 34.12-2015. The protection level is quite high. Myself use this algorithm as a plugin for KeePass. VERY much want to put this algorithm in VeraCrypt.
Plugin for KeePass + Source code:
Source code:

P.S. This encryption algorithm has been adopted in Russia as the basis of data protection and will be applied in all public authorities, including organs of state security from 01.01.2016 year.
P.P.S Pleeease add this algorithm. I specifically joined the site to ask about this.
Dec 20, 2015 at 8:16 PM
I have added your suggestion as a new issue. You can "upvote" the issue here:
Dec 20, 2015 at 8:56 PM
In the interview I gave in October to eSecurity Planet, I mentioned the fact that it is planned to include non-western ciphers, including the GOST standards:

Thank you Eloquence for sharing the information about the official adoption of Kuznyechik for 2016. This indeed gives more credit to including this cipher in VeraCrypt. I'll set the issue opened by commenter8 to Active and I'll try to add a first implementation in the coming weeks.
Dec 20, 2015 at 9:18 PM
Edited Dec 20, 2015 at 9:59 PM
The most perfect algorithm? Any arguments?

The following discussions/issues here deal also with the GOST ciphers:

  • If it was just recently developed, there was not much time for cryptanalysis
  • The performance of the old GOST (at least in a modded TC) is poor
  • From a brief glimpse at wikipedia it sounds like this was the old algorithm with added S-Box definition?!
but since there is a new revision, this might actually become an interesting idea.

EDIT: I hardly found anything about this algorithm in English.
I only found a presentation of a Ukraine standard algorithm which references it and the KeePass plugin.
Dec 20, 2015 at 11:02 PM
commenter8. Thank you! Voted.

idrassi Thanks a lot. I don't understand why people need to vote. If you add those who want to use will use and those who do not want - will not. But in any case thanks for the reply.

RandomNameforCode I can't say exactly why he is better than others. Just wanted to let You added it. Wrote "loud" a title to attract attention :) Sorry))
Dec 20, 2015 at 11:31 PM
Edited Dec 20, 2015 at 11:35 PM
In June of this year in Russia was adopted(in steps into action 01.01.2016) new standard block cipher — GOST R 34.12-2015. This standard is in addition to the good old GOST 28147-89, which is now called "Magma" and has a fixed set of substitutions, contains a description of the block cipher "Kuznyechik"(in English->"Grasshopper"). About him I and tell in this post.

Unlike a new GOST 28147-89 cipher is not a Feistel network, and the so-called SP-chain: a transformation consisting of several rounds, each round consists of nonlinear and linear transformations, as well as the operation of the overlay key. Unlike Feistel network using SP-net converted the entire input block and not half of it. This structure is sometimes called AES-like (similar to AES), but, unlike the latter, the "Kuznyechik" has a number of "chips":
  • a linear transformation can be implemented using the shift register;
  • the key scan is implemented using a Feistel network whose round function uses a transformation of the original algorithm.
The length of the input block "Kuznyechik" — the 128 bit key is 256 bits.

Encryption based on sequential use of several similar rounds, each of which contains three transforms: addition with raundovy key transformation unit substitution, and linear transformation.

128-bit input vector of the next round develops a bit with raundovy key:

Nonlinear transformation applies to each 8-bit ptvector 128-bit input vector fixed-line substitution:

In "the Grasshopper" using the same substitution as in the hash function "Stribog".

A linear transformation, as I said, can be implemented not only as typically in block cipher — matrix, but using LFSR — linear shift register with feedback, which moves 16 times.

The register is implemented over the Galois field modulo an irreducible polynomial of degree 8:

The round transformation can be represented as follows:
Generation of round keys

Consider now the procedure for generating the round keys from the master key. The first two are obtained by partitioning the master key in half. Next to generate the next pair of round keys is used 8 iterations of a Feistel network, where, in turn, as the round keys used schetchikova sequence that passes through a linear transform algorithm:

Round key scan can be represented as follows:

And the whole procedure generate round keys so:

Encryption and decryption

As a result, the encryption of one 128-bit input block is described by the following equation:

But in the form of flowcharts may be represented as:

Decryption is implemented by handling basic transformations and applying them in reverse order:
Dec 21, 2015 at 1:14 AM
Eloquence, could you please provide a source for this: "This encryption algorithm has been adopted in Russia as the basis of data protection and will be applied in all public authorities, including organs of state security from 01.01.2016 year. " Russian mathematicians are indisputably world-class, and if the Russian government has made this their equivalent of AES then it should be obvious to everyone that this is an algorithm that VeraCrypt should provide.

Also, regarding the source code that you pointed to - is this official source code from the Russian government, or...?
Dec 21, 2015 at 7:28 AM
Edited Dec 21, 2015 at 7:34 AM
In the Russian segment of the Internet this is stated everywhere. Also this is stated on the official website of the developers of this algorithm-> (Technical standardization Committee "CRYPTOGRAPHY AND SECURITY MECHANISMS" (TC 26)). Image

Source code taken from this site.

1 DEVELOPED by the Center for information security and special communications FSB(The Federal Security Service. The analogue of the KGB.)
Russia with participation of the Open joint-stock company "Information
technology and communication systems" (JSC "infotecs")
2 MADE by the Technical Committee for standardization TC 26
"Cryptographic protection of information"


All the details in the official document which I have indicated in the description.
Dec 21, 2015 at 9:28 AM
RandomNameforCode wrote:
The most perfect algorithm? Any arguments?
Nobody, really NOBODY can tell with certainty which algorithm is "best" or even "better than another one". However, GOST is a non-Western one (Russian). Enough said. For the sake of diversity at least, it may be a great alternative to AES/Twofish/Serpent.

Looking retrospectively, was T34 not better than the German Tigers? Is Kalasnhikov not better than the modern high tech western weapons with hanging IR and laser devices that can scare the s**t out of everybody? Until they catch some dirt and bite the dust :) And more to the point of cryptography, wasnt it the western (German-Dutch) "Enigma" broken during WW2 due to a ridiculous design (algorithm) weakness? While probably nobody of you guys (with exception maybe of Eloquence and view others) have ever heard about the Russian cryptography and steganography during WW2. Few would imagine that most of the devices used by the Russians in 1940's can now be broken only by bruteforce (=computers).... Thats what i call a good reference and track record :)
Dec 21, 2015 at 12:43 PM
Thanks, Eloquence! Apparently this is indeed the Russian counterpart of AES, with official source code provided.

Russian cryptography is generally excellent - I have heard very credible anecdotal cases in which Russian cryptography has proven itself to be very strong.

This is an important addition to the Veracrypt set of algorithms, especially when used as part of a cascading encryption along with AES, Serpent and Twofish.

With this quadruple cascade, the security advantage of VeraCrypt over TrueCrypt will be more easily understood by the popular press, and many new users will arrive!
Dec 21, 2015 at 2:01 PM
commenter8, You're Welcome!
Dec 22, 2015 at 10:04 PM
Edited Dec 22, 2015 at 10:05 PM
See this:
You can use the source code from gostcrypt:

And you can add russian hash function GOST R 34.11-2012(from gostcrypt) to use with this algorithm(GOST R 34.12-2015)
Jan 8, 2016 at 11:41 AM

its true, nobody actually knows how secure AES, Twofish and Serpent are and this is probably the same for GOST-2.
Basically the only confidence is from the fact that experts were not able to break it for decades.
I did not say it must be bad, especially not that it is bad because its Russian.
Even though I mistrust the Russian "government" even more than the American one.

I just wanted to know why Eloquence calls it "most perfect algorithm". If there are no arguments for this statement, it's just nonsense.

Maybe Enigma was broken and Russian crypto not because it had the strongest adversaries with the most resources spend on it (money, time, knowledge, luck), I don't know.
They even almost screwed breaking it, because the superiors of Turing did not believe his approach to work out.

I actually do not know anything about Russian crypto, that's true. One more reason to ask for arguments.

BTW: Even clever people can make stupid mistakes ^^
Jan 8, 2016 at 8:45 PM
Edited Jan 8, 2016 at 8:49 PM
RandomNameforCode, true, you made valid points. so why "the most perfect algorithm"?

I think, to put it simply.... USA and Russia are the world's most 'respected' powers in terms of military development (including encryption). No other nation has proven itself to have invested more time and resources into developing its defense industry..... And while the Americans have proven their military and intelligence strength mainly against nations of significant importance in areas where neither weapons nor encryption is used, Grenada springs to mind, the Russians are the ones who thought Hitler and Napoleon the rule of the fist, just to name a few. Another argument..... we all know that cryptography grows on the roots of mathematics.... while USA has undoubtedly the greatest universities and academic resources in mathematics in the world at the moment, if we look (and we have to) more retrospectively, we would all come to the conclusions that Germany and Russia are the top 2 countries (i hope to be excused by all English, French, Italian and others who have also played a great role in that field) who have set the foundations of the modern math. After all, while these 2 countries were fighting the Riemann hypothesis, the Americans were fighting the Navajos in Arizona....

So back to the question.... all available in VC ciphers, Rijndael-belgian, Blowfish-NY, Serpent-british/danish/israeli.... are "Western inspired"... The NIST contest that chose Rijndael to become AES is purely American... all that gives a strong Western/American flavor to all these ciphers.... For someone with American/Western mindset, AES is the one that rules - undoubtedly! For the others... the other "military nation"'s standards are the perfect ones. Simple :)
Jan 11, 2016 at 12:23 AM
I do not believe there is any point wasting time and increasing bootloader complexity implementing this cipher as it does not provide any additional security over the existing ones (especially AES). It is a clone of AES/SPN networks and only offers a different key schedule. On top of all of this, it is yet another 128-256 cipher which AES, Twofish, and Serpent already are. If any new ciphers are added in the future they should at least have a larger block & keysize. If you are concerned about the security of 1 cipher simply cascade 2 together, problem solved.

Development time is precious and it should be spent adding new features to VC that people want. It should not be wasted adding a FOURTH 128-256 cipher.
Apr 23, 2016 at 1:12 AM
supports the implementation of the new GOST R 34.12

but also should consider the option other promising algorithms

Camellia (cipher)
The cipher has security levels and processing abilities comparable to the Advanced Encryption Standard.

Threefish (cipher)
According to the authors, the algorithm has a higher level of security than AES. It is an attack on 25 of the 72 rounds Threefish, while for AES - 6 10. Threefish safety factor Figure 2.9 is, in turn, AES only 1.7
Oct 22, 2016 at 5:16 PM
I would like to see Threefish (cipher) added because the block/ key size is bigger than all others!

Like at least 256 bit block size (512 bits, and 1024 bits also available), making it more secure than any other cipher currently present on VeraCrypt. The key sizes are of the same length as the block size.

A German person interested in Crypt called Prof. Dr. Michael Anders argues that even Threefish cipher with 1024 bits block and key size isn't secure enough to protect users properly like I already write here. He even proposes a different crypt algorithm that he uses in it's own free software based in a mixed of Threefish and its own cipher giving users a 4096 bit symmetric (!!) block size cipher.

Lets remember all current ciphers at VeraCrypt use only 128 bit blocks... even if you could count 3 mixed modes like 128+128+128 = 384 bit block size it would still need more 3685 bits in block size to be considered secure by Prof. Dr. Michael Anders!
Jan 21, 2017 at 12:24 AM
This got taken out of VeraCrypt, right? I'm curious why.
Jan 28, 2017 at 1:53 PM
ehheh1000 wrote:
This got taken out of VeraCrypt, right? I'm curious why.
Threefish never existed in VeraCrypt or TrueCrypt.

GOST89 was removed from VeraCrypt based on security audit.