My apologies for the delay, I had forgotten the draft message.

From: "Alexander Klimov" <>
Subject: Attacks against GOST? Was: Protocol Construction

On Sun, 2 Aug 2009, Joseph Ashwood wrote:
> So far, evidence supports the idea that the stereotypical Soviet
> tendency to overdesign might have been a better plan after all,
> because the paranoia about future discoveries and breaks that
> motivated that overdesign is being regularly proven out.

And that is why Kelsey found an attack on GOST

Do you want to say that the GOST (28147-89) block cipher is broken? I
have never heard of an attack against it that is faster than the
exhaustive search.

I just said there are attacks, the situation is open for interpretation because of the nature of the attacks and the unknown S-box. Kelsey and Schneier published the first related key attack in 1996, in 1997 Kelsey enhanced the attack. My point was that the proposed method of boosting security (increased key size and rounds) does not necessarily correlate to increased security and since GOST was given as an example of how to do it "right" the attacks by Kelsey, et al mattered.

By the way, it was not "overdesign" (IMO it is simpler even than DES),
nor it was an example of "the stereotypical Soviet..." According to an
informed source [1], it was specifically made to be not like military
ciphers:  its only purpose was to make something for non-military
cryptography that would not betray any Soviet cryptographic know-how
(this is why they chose to do something very similar to DES).

Good to know, I didn't remember that part.
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to

Reply via email to