[Cfrg] Vulgarized explanations on the Russian S-box

Leo Perrin <leo.perrin@inria.fr> Sun, 24 March 2019 09:54 UTC


Dear members, 

I have written detailed and (I hope) vulgarized explanations of my results on the Russian S-box which is used in RFC 6986 and RFC 7801. I provide some more information about the claims of the designers (in particular that they claim to have lost their generation algorithm...) and then argue that, until the designers of these algorithms clarify their design process, neither Kuznyechik nor Streebog should be used. 

Here is the link: https://who.paris.inria.fr/Leo.Perrin/pi.html 

Best regards, 

/Léo