The document summarizes Russian cryptography techniques, including block ciphers and modes of operation. It discusses the history of block ciphers and competitions like NIST AES. It specifically covers the Russian standards GOST 28147-89 and GOST R 34.12-2015 named Kuznyechik. It also reviews modes of operation like ECB, CBC, CTR, and padding techniques. Implementation results for Kuznyechik show encryption speeds of over 5GB/s on GPU. References are provided for further reading.

1. Russian cryptography: block ciphers
and modes of operation for them
Borodin Mikhail
Yekaterinburg, 2016

2. Contents
• Block cipher
• History of block ciphers
• GOST 28147-89
• КузНечиК, Kuznyechik
• Modes of operation for block ciphers

3. Block ciphers
basic block cipher: a cipher that implements a
reversible mapping of the set of plaintext blocks of the
fixed length to the set of chiphertext blocks of the same
length for any fixed key.

4. The NIST competition
• provide a high level of security
• be completely specified and easy to understand
• be economically implementable in electronic devices
• be available to all users
• be efficient to use
• be exportable
The security of the algorithm must reside in the key;
the security should not depend on the secrecy of the
algorithm.
The algorithm must:

5. The NIST competition, IBM «Lucifer»
IBM
Lucifer NIST
NSA
DES
What is
better?

6. DES
32-bit32-bit
Li-1 Ri-1
Li Ri
F+Ki
48-bit

7. The NIST competition, AES
Main requirements:
• block size of 128 bits
• three key lengths: 128, 192 and 256 bits
• free distribution
Additional requirements:
• easy hardware and software implementation of
used operations
• focus on 32-bit processors
• simple cipher structure for cryptanalysis
possibility.

8. AES, Rijndael
Input 128-bit
AddRoundKey
SubBytes
ShiftRows
MixColumns
AddRoundKey
SubBytes
ShiftRows
AddRoundKey
Output 128-bit
Nr-1
Input 128-bit
AddRoundKey
InvSubBytes
InvShiftRows
InvMixColumns
AddRoundKey
InvShiftRows
InvSubBytes
AddRoundKey
Output 128-bit
Nr-1
Encryption Decryption

9. GOST 28147-89
Main characteristics:
• block size of 64 bits
• key length of 256 bits
• based on Feistel network
• unfixed 4-to-4-bit S-boxes
• 32 rounds

10. GOST 28147-89
32-bit32-bit
Li-1 Ri-1
Li Ri
+ <<<11 S-box
F
Ki
32-bit

11. GOST 28147-89

12. GOST 28147-89
Disadvantages:
• small block length
• there are theoretical
attacks
Advantages:
• high-speed software and
hardware implementations
• there are compact
implementation
• the lack of practical attacks
Features:
• unfixed S-boxes
• simple key schedule

13. GOST R 34.12-2015
Main characteristics:
• block size of 128 bits
• key length of 256 bits
• based on SP-network
• 8-to-8-bit S-box
• recursive MDS-code
«КузНечиК», Kuznyechik

14. Kuznyechik
Input 128-bit
X
S
L
X
Output 128-bit
9
Encryption Decryption
Input 128-bit
X
Inv L
Inv S
X
Output 128-bit
9

15. Kuznyechik, implementations
Platform: i7-2600 @ 3.4GHz, Win7, Compiler
VS2008 x64:
• Encryption - 138 MB/sec (24 c/byte)
• Decryption - 120 MB/sec (27 c/byte)
NVIDIA GeForce GTX TITAN, CUDA-cores -2688,
GPU memory – 6 GB, Intel Core i7-4770K:
• Encryption - 5518 MB/sec

16. Modes of operation
• Electronic Codebook, ECB
• Counter, CTR
• Output Feedback, OFB
• Cipher Block Chaining, CBC
• Cipher Feedback, CFB
• Message Authentication Code algorithm

17. Padding
Let 𝐫 = 𝑷 𝐦𝐨𝐝 𝐧.
1. 𝑃 =
𝑃, if 𝑟 = 0
𝑃||0 𝑛−𝑟
, else
2. 𝑃||1||0 𝑛−𝑟−1
3. 𝑃 =
𝑃, if 𝑟 = 0
𝑃||1||0 𝑛−𝑟−1
, else
n-bit r-bitn-bit (n-r)-bit

18. Electronic Codebook, ECB

20. Counter, CTR

21. Output Feedback, OFB

22. Output Feedback, OFB

28. Cipher Block Chaining, CBC

29. Cipher Block Chaining, CBC

30. Cipher Feedback, CFB

31. Cipher Feedback, CFB

32. Message Authentication Code algorithm

33. Thank you
for your attention!

34. • ГОСТ Р 34.12–2015 "Информационная технология. Криптографическая защита информации.
Блочные шифры"
• ГОСТ Р 34.13–2015 "Информационная технология. Криптографическая защита информации. Режимы
работы блочных шифров"
• FIPS PUB 46-3", Data Encryption Standard (DES)”, January 15, 1977, 1999
• ISO/IEC 18033-3:2010 Information technology – Security techniques – Encryption algorithms – Part 3:
Block ciphers
• Schneier B. Applied cryptography: protocols, algorithms, and source code in C. – john wiley & sons, 2007
• Бондаренко А., Маршалко Г., Шишкин В. ГОСТ Р 34.12–2015: чего ожидать от нового стандарта? //
Information Security/ – 2015. – № 4. – С. 48–50
• http://competitions.cr.yp.to/aes.html
• https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
• A. Poschmann, S. Ling, H. Wang, 256 bit standardized crypto for 650 GE – GOST revisited, CHES 2010,
LNCS 6225, pp. 219-233, 2010
• С. Смышляев. Вопросы применимости российских криптоалгоритмов,
events.yandex.ru/events/meetings/24-july-2015/
• T. Isobe. A Single-Key Attack on the Full GOST Block Cipher, LNCS v. 6733, p. 290–305. Springer, 2011
• М. А. Бородин, А. С. Рыбкин «Высокоскоростные программные реализации блочного шифра
"Кузнечик"» Проблемы информационной безопасности. Компьютерные системы. - 2014. - № 3. - С.
67-73
• I. Dinur, O. Dunkelman, A. Shamir. Improved Attacks on Full GOST, eprint.iacr.org
• D. Fomin, Implementation of an XSL block cipher with MDS-matrix liner transformation on NVIDIA CUDA.
In 3rd Workshop on Current Trends in Cryptology (CTCrypt 2014)
• D. Fomin, A timing attack on CUDA implementations of an AES-type block cipher, CTCrypr 2015
Preproceedings, Kazan, 2015.