This project has moved and is read-only. For the latest updates, please go here.
11
Vote

Add encryption algorithm GOST R 34.12-2015

description

Russian user "Eloquence" has requested that the encryption algorithm GOST R 34.12-2015 be added to VeraCrypt and has pointed to freely available source code...

====== Request from "Eloquence" at https://veracrypt.codeplex.com/discussions/648968
Was recently completed the development of a new encryption algorithm GOST R 34.12-2015. The protection level is quite high. Myself use this algorithm as a plugin for KeePass. VERY much want to put this algorithm in VeraCrypt.
Plugin for KeePass + Source code: https://github.com/yaruson/GostPlugin
Source code: http://tc26.ru/standard/draft/PR_GOSTR-bch_v3.zip
Documentation(Russian): http://tc26.ru/standard/gost/GOST_R_3412-2015.pdf

P.S. This encryption algorithm has been adopted in Russia as the basis of data protection and will be applied in all public authorities, including organs of state security from 01.01.2016 year.
P.P.S Pleeease add this algorithm. I specifically joined the site to ask about this.

comments

70Paul90 wrote Dec 20, 2015 at 8:55 PM

The block size is small with 64bits and it has several weaknesses, not to mention its 40 years old.

"Despite its apparently strong construction, GOST is vulnerable to generic attacks based on its short (64-bit) block size, and should therefore never be used in contexts where more than 232 blocks could be encrypted with the same key.

Since 2007, several attacks were developed against GOST implementations with reduced number of rounds and/or keys with additional special properties.[6][7]

In 2011 several authors discovered more significant flaws in GOST cipher, being able to attack full 32-round GOST with arbitrary keys for the first time. It has been even called "a deeply flawed cipher" by Nicolas Courtois.[8] First attacks were able to reduce time complexity from 2^{256} to 2^{228} at the cost of huge memory requirements,[9] and soon they were improved up to 2^{178} time complexity (at the cost of 2^{70} memory and 2^{64} data).[10]

As of December 2012 the best known attack on GOST (2^{101}).[11]

GOST has been submitted to ISO standardization in 2010."

[https://en.wikipedia.org/wiki/GOST_%28block_cipher%29]

idrassi wrote Dec 20, 2015 at 9:00 PM

Hi 70Paul90,

You confusing the newer GOST R 34.12-2015 with the older GOST 28147-89. The text above applies to the older GOST. The new GOST (also called Kuznyechik) is a 128-bit block cipher and it doesn't suffer from the issue affecting its older relative.

70Paul90 wrote Dec 20, 2015 at 9:23 PM

Thanks Monuir

It sounds like it could be better than Serpent, if it performs well :)

Regards Paul.

commenter8 wrote Dec 25, 2015 at 1:58 PM

User maggendalf has pointed out the following:

See this: https://www.gostcrypt.org/wiki/doku.php?id=algorithms:14
You can use the source code from gostcrypt: https://drive.google.com/file/d/0B6BlkqAoxXq1bDJURGRhamtPb00/view?usp=sharing

And you can add russian hash function GOST R 34.11-2012(from gostcrypt) to use with this algorithm(GOST R 34.12-2015)

rodrigo1996 wrote Apr 23, 2016 at 1:02 AM

supports the implementation of the new GOST R 34.12


but also should consider the option other promising algorithms


Camellia (cipher)
The cipher has security levels and processing abilities comparable to the Advanced Encryption Standard.

https://en.wikipedia.org/wiki/Camellia_%28cipher%29



Threefish (cipher)
According to the authors, the algorithm has a higher level of security than AES. It is an attack on 25 of the 72 rounds Threefish, while for AES - 6 10. Threefish safety factor Figure 2.9 is, in turn, AES only 1.7

https://ru.wikipedia.org/wiki/Threefish

noropheos wrote May 18, 2016 at 8:42 PM

I think this question on SO should be considered and discussed before GOST will be implemented:

http://security.stackexchange.com/questions/123432/known-vulnerabilities-of-gost

idrassi wrote May 24, 2016 at 9:00 PM

Many people confuse GOST-89 with GOST-2012.

This feature request is specifically for GOST-2012 which is not broken yet, neither academically nor practically.

As for GOST-89, not all vulnerabilities are born equal: the best attack needs 2^101 (which is below the 128-bit safety margin) but it requires storing 2^111 chosen plain texts!!
This is a enormous amount of storage and you have to multiply it by the number of keys you are attacking.

Just to give an idea: 2^111 = 2x10^33 = 2 x 10^9 yottabyte.
As noted in the Wikipedia article above, 1 yottabyte requires at least 800000 cubic meters of storage. Here we need 2 Billions yottabytes...

Anyway, many people tend to forget that theoretical attacks requires storage space that can cost hundreds of billions of Euros.