algorithms:14

**This is an old revision of the document!**

The Russian Federation has recently published the project of new standard for block encryption algorithm. This is still a project which has not been formally validated and approved yet.

This algorithm called Gost - Grasshopper intends to supersede (in the future) the current GOST 28147-89 algorithm (64-bit block and 256-bit key, Feistel structure).

I have translated the text from Russian which relates to the Grasshopper algorithm and implemented this new algorithm in C language, using the test vectors sets provided in the reference document. The translation is available here while the source code (under GPLv3) is given here.

I have performed a first quick analysis of the new GOST Grasshopper algorithm and here are the first observations I have made (of course this analysis needs to be pushed on further):

- Contrary to the GOST 28147-89 algorithm, GOST Grasshopper belongs to the SPN family (Substitution Permutation Network), an block encryption algorithm family which contains the AES (Rijndael).
- The main features are: 128-bit blocks (plaintext, ciphertext), a 256-bit master key from which 10 128-bit subkeys are derived according to highly nonlinear process, 10 rounds. The general structure is then very common to SPN and is sketched as follows

- The statistical analysis of the cipher does not reveal any statistical bias and has passed all the tests (performed with NIST STS SP800-22 revision 1 and L'ecuyer & Simard's TESTU01 suite). Gost Grasshopper seems to have far better algebraic and combinatorial complexities that the existing SPN and especially than the AES (whose relatively weak algebraic complexity has been pinpointed by several cryptographers). Further analyses have to be conducted to confirm this initial result.

Gost Grasshopper seems to be a very promising algorithm both for its speed encryption and for its high cryptogaphic security. Upon confirmation, it should be included soon in the GostCrypt Suite with the same approach and settings (variable S-Box [Substitution S in the reference document], S-Box mutation based on the user's master key, 512-byte cluster ID used as salt value).

Have a nice day.

E.F.

algorithms/14.1420822178.txt.gz · Last modified: 2016/01/20 18:10 (external edit)