Kuznyechik

Kuznyechik (Russian: Кузнечик, literally: "grasshopper") is a symmetrical block cipher . It has a block size of 128-bit and a key length of 256-bit. The cipher is defined in the national standard of Russia GOST R 34.12-2015 in English and also in RFC 7801 .

The name of the cipher comes from the Russian word for grasshopper, although the standard explicitly mentions that the English name is Kuznyechik . The developers said they wanted to follow the trend of hard-to-pronounce names for algorithms like Rijndael and Keccak .

The GOST R 34.12-2015 standard defines the new cipher as an addition to the old GOST block cipher.

Kuznyechik is based on the substitution-permutation network , with the key schedule using the Feistel network .

VeraCrypt (descendant of TrueCrypt ) offers Kuznyechik as one of the encryption algorithms.

Designation

${\ displaystyle \ mathbb {F}}$ - Finite body . ${\ displaystyle GF (2 ^ {8})}$ ${\ displaystyle x ^ {8} + x ^ {7} + x ^ {6} + x + 1}$

${\ displaystyle Bin_ {8}: \ mathbb {Z} _ {p} \ rightarrow V_ {8}}$ - ( ) ${\ displaystyle \ mathbb {Z} _ {p}}$ ${\ displaystyle p = 2 ^ {8}}$

${\ displaystyle {Bin_ {8}} ^ {- 1}: V_ {8} \ rightarrow \ mathbb {Z} _ {p}}$ - . ${\ displaystyle Bin_ {8}}$

${\ displaystyle \ delta: V_ {8} \ rightarrow \ mathbb {F}}$ - . ${\ displaystyle \ mathbb {F}}$

${\ displaystyle \ delta ^ {- 1}: \ mathbb {F} \ rightarrow V_ {8}}$ - ${\ displaystyle \ delta}$

description

The following is specified for encryption, decryption and key generation:

${\ displaystyle Add_ {2} [k] (a) = k \ oplus a}$ , where , are binary strings of the form ... ( is string concatenation ). ${\ displaystyle k}$ ${\ displaystyle a}$ ${\ displaystyle a = a_ {15} ||}$ ${\ displaystyle || a_ {0}}$ ${\ displaystyle ||}$

${\ displaystyle N (a) = S (a_ {15}) ||}$ ... is an inverted transformation of . ${\ displaystyle || S (a_ {0}). ~~ N ^ {- 1} (a)}$ ${\ displaystyle N (a)}$

${\ displaystyle G (a) = \ delta (a_ {15},}$ ... ... ${\ displaystyle, a_ {0}) || a_ {15} ||}$ ${\ displaystyle || a_ {1}.}$

${\ displaystyle G ^ {- 1} (a)}$ - inverted transformation of , ... ... ${\ displaystyle G (a)}$ ${\ displaystyle G ^ {- 1} (a) = a_ {14} || a_ {13} ||}$ ${\ displaystyle || a_ {0} || \ delta (a_ {14}, a_ {13},}$ ${\ displaystyle, a_ {0}, a_ {15}).}$

${\ displaystyle H (a) = G ^ {16} (a)}$ , where - composition of the transformations of and etc. ${\ displaystyle G ^ {16}}$ ${\ displaystyle G ^ {15}}$ ${\ displaystyle G}$

${\ displaystyle F [k] (a_ {1}, a_ {0}) = (HNAdd_ {2} [k] (a_ {1}) \ oplus a_ {0}, a_ {1}).}$

The nonlinear transformation

The nonlinear transformation is given by substituting the following:

S = Bin ₈ S 'Bin ₈⁻¹ .

Values of the substitution S ' are given as an array S' = (S '(0), S' (1), ..., S '(255)) :

${\ displaystyle S '= (252,238,221,17,207,110,49,22,251,196,250,218,35,197,4,77,233,}$ ${\ displaystyle 119,240,219,147,46,153,186,23,54,241,187,20,205,95,193,249,24,101,}$ ${\ displaystyle 90,226,92,239,33,129,28,60,66,139,1,142,79,5,132,2,174,227,106,143,}$ ${\ displaystyle 160,6,11,237,152,127,212,211,31,235,52,44,81,234,200,72,171,242,42,}$ ${\ displaystyle 104,162,253,58,206,204,181,112,14,86,8,12,118,18,191,114,19,71,156,}$ ${\ displaystyle 183,93,135,21,161,150,41,16,123,154,199,243,145,120,111,157,158,178,}$ ${\ displaystyle 177,50,117,25,61,255,53,138,126,109,84,198,128,195,189,13,87,223,}$ ${\ displaystyle 245,36,169,62,168,67,201,215,121,214,246,124,34,185,3,224,15,236,}$ ${\ displaystyle 222,122,148,176,188,220,232,40,80,78,51,10,74,167,151,96,115,30,0,}$ ${\ displaystyle 98,68,26,184,56,130,100,159,38,65,173,69,70,146,39,94,85,47,140,163,}$ ${\ displaystyle 165,125,105,213,149,59,7,88,179,64,134,172,29,247,48,55,107,228,136,}$ ${\ displaystyle 217,231,137,225,27,131,73,76,63,248,254,141,83,170,144,202,216,133,}$ ${\ displaystyle 97,32,113,103,164,45,43,9,91,203,155,37,208,190,229,108,82,89,166,}$ ${\ displaystyle 116,210,230,244,180,192,209,102,175,194,57,75,99,182).}$

Linear transformation

${\ displaystyle \ gamma}$ : ... ${\ displaystyle \ gamma (a_ {15},}$ ${\ displaystyle, a_ {0}) = \ delta ^ {- 1} ~ (148 * \ delta (a_ {15}) + 32 * \ delta (a_ {14}) + 133 * \ delta (a_ {13} ) + 16 * \ delta (a_ {12}) +}$ ${\ displaystyle 194 * \ delta (a_ {11}) + 192 * \ delta (a_ {10}) + 1 * \ delta (a_ {9}) + 251 * \ delta (a_ {8}) + 1 * \ delta (a_ {7}) + 192 * \ delta (a_ {6}) +}$ ${\ displaystyle 194 * \ delta (a_ {5}) + 16 * \ delta (a_ {4}) + 133 * \ delta (a_ {3}) + 32 * \ delta (a_ {2}) + 148 * \ delta (a_ {1}) + 1 * \ delta (a_ {0})),}$

Operations of addition and multiplication are performed in the field . ${\ displaystyle \ mathbb {F}}$

Key generation

The key generation algorithm uses the iterative constant t , i = 1,2,… 32 and sets the shared keys as: … . ${\ displaystyle C_ {i} = H (Bin_ {128} (i))}$ ${\ displaystyle K = k_ {255} ||}$ ${\ displaystyle || k_ {0}}$

Iterated keys

${\ displaystyle K_ {1} = k_ {255} ||}$ ... ${\ displaystyle || k_ {128}}$

${\ displaystyle K_ {2} = k_ {127} ||}$ ... ${\ displaystyle || k_ {0}}$

${\ displaystyle (K_ {2i + 1}, K_ {2i + 2}) = F [C_ {8 (i-1) +8}]}$ ... ${\ displaystyle F [C_ {8 (i-1) +1}] (K_ {2i + 1}, K_ {2i}), i = 1,2,3,4.}$

Encryption algorithm

${\ displaystyle E (a) = Add_ {2} [K_ {10}] HNAdd_ {2} [K_ {9}]}$ ... where a - 128-bit string. ${\ displaystyle HNAdd_ {2} [K_ {2}] HNAdd_ {2} [K_ {1}] (a),}$

Decryption algorithm

${\ displaystyle D (a) = Add_ {2} [K_ {1}] H ^ {- 1} N ^ {- 1} Add_ {2} [K_ {2}]}$ ... ${\ displaystyle H ^ {- 1} N ^ {- 1} Add_ {2} [K_ {9}] H ^ {- 1} N ^ {- 1} Add_ {2} [K_ {10}] (a) .}$

Adaptation

VeraCrypt , the encryption software known worldwide, uses Kuznyechik as one of the popular encryption algorithms.

Individual evidence

↑ Vasily Dolmatov <dol@srcc.msu.ru>: GOST R 34.12-2015: Block Cipher "Kuznyechik". Retrieved May 25, 2020 (English).
↑ Groteck Business Media: ГОСТ Р 34.12–2015: чего ожидать от нового стандарта? | ITSec.Ru. Retrieved May 25, 2020 (English).
↑ VeraCrypt - Free Open Source Disk Encryption with Strong Security for the Paranoid. Retrieved May 25, 2020 .

[1] Vasily Dolmatov <dol@srcc.msu.ru>: GOST R 34.12-2015: Block Cipher "Kuznyechik". Retrieved May 25, 2020 (English).

[2] Groteck Business Media: ГОСТ Р 34.12–2015: чего ожидать от нового стандарта? | ITSec.Ru. Retrieved May 25, 2020 (English).

[3] VeraCrypt - Free Open Source Disk Encryption with Strong Security for the Paranoid. Retrieved May 25, 2020 .