World Library  
Flag as Inappropriate
Email this Article


Article Id: WHEBN0047024355
Reproduction Date:

Title: Streebog  
Author: World Heritage Encyclopedia
Language: English
Subject: GOST (hash function), Lane (hash function), Data Authentication Algorithm, CWC mode, MDC-2
Publisher: World Heritage Encyclopedia


Designers FSB, InfoTeCS JSC
First published 2012
Related to GOST
Certification GOST standard
Digest sizes 256 and 512
Rounds 12
Best public cryptanalysis
Second preimage attack with 2266 time complexity[1]

Streebog is a cryptographic hash function defined in the Russian national standard GOST R 34.11-2012 Information Technology - Cryptographic Information Security - Hash Function. It was created to replace an obsolete GOST hash function defined in the old standard GOST R 34.11-94, and as an asymmetric reply to SHA-3 competition by the US National Institute of Standards and Technology.[2] The function is also described in RFC 6986.


  • Description 1
  • Examples of Streebog hashes 2
  • Cryptanalysis 3
  • References 4


Streebog is a family of two hash functions, Streebog-256 and Streebog-512, that produce output 256-bit or 512-bit hash respectively from a bit string of arbitrary size using the Merkle-Damgård construction.[3] The high-level structure of the new hash function resembles the one from GOST R 34.11-94, however, the compression function was changed significantly.[4] The compression function operates in Miyaguchi-Preneel mode and employs a 12-round AES-like cipher.

The function was named Streebog after the god of rash wind in ancient Slavic mythology,[5] and is often referred by this name, even though it is not explicitly mentioned in the text of the standard.[6]

Examples of Streebog hashes

Hash values of empty string.

0x 3f539a213e97c802cc229d474c6aa32a825a360b2a933a949fd925208d9ce1bb
0x 8e945da209aa869f0455928529bcae4679e9873ab707b55315f56ceb98bef0a7 \

Even a small change in the message will (with overwhelming probability) result in a mostly different hash, due to the avalanche effect. For example, adding a period to the end of the sentence:

Streebog-256("The quick brown fox jumps over the lazy dog")
0x 3e7dea7f2384b6c5a3d0e24aaa29c05e89ddd762145030ec22c71a6db8b2c1f4
Streebog-256("The quick brown fox jumps over the lazy dog.")
0x 36816a824dcbe7d6171aa58500741f2ea2757ae2e1784ab72c5c3c6c198d71da


In 2013 the Russian Technical Committee for Standardization “Cryptography and Security Mechanisms” (TC 26) with the participation of Academy of Cryptography of the Russian Federation declared an open competition for cryptanalysis of Streebog hash function,[7] which attracted the international attention to the function.

Bingke Ma, Bao Li, Ronglin Hao, and Xiaoqian Li in their work "Improved Cryptanalysis on Reduced-Round GOST and Whirlpool Hash Function" describe a preimage attack that takes 2496 time and 264 memory or 2504 time and 211 memory to find a single preimage of GOST-512 reduced to 6 rounds.[8] They also describe collision attack with 2181 time complexity and 264 memory requirement in the same paper.

J. Guo, J. Jean, G. Leurent, T. Peyrin, and L. Wang in their work “The Usage of Counter Revisited: Second-Preimage Attack on New Russian Standardized Hash Function” describe a second preimage attack on full Streebog-512 with total time complexity equivalent to 2266 compression function evaluations, if the message has more than 2259 blocks.[1]

Riham AlTawy and Amr M. Youssef published an attack to a modified version of Streebog with different round constants.[9] While this attack may not have a direct impact on the security of the original Streebog hash function, it raised a question about the origin of the used parameters in the function. The designers published a paper explaining that these are pseudorandom constants generated with Streebog-like hash function, provided with 12 different natural language input messages.[10]

Riham AlTawy, Aleksandar Kircanski and Amr M. Youssef found 5-round free-start collision and a 7.75 free-start near collision for the internal cipher with complexities 28 and 240, respectively, as well as attacks on the compression function with 7.75 round semi free-start collision with time complexity 2184 and memory complexity 28, 8.75 and 9.75 round semi free-start near collisions with time complexities 2120 and 2196, respectively.[11]

Zongyue Wang, Hongbo Yu and Xiaoyun Wang describe a collision attack on the compression function reduced to 9.5 rounds with 2176 time complexity and 2128 memory complexity.[12]


  1. ^ a b Jian Guo, Jérémy Jean, Gaëtan Leurent, Thomas Peyrin, Lei Wang (2014-08-29). The Usage of Counter Revisited: Second-Preimage Attack on New Russian Standardized Hash Function. SAC 2014. 
  2. ^ Asymmetric Reply to SHA-3: Russian Hash Function Draft Standard
  3. ^ StriBob: Authenticated Encryption from GOST R 34.11-2012 LPS Permutation
  4. ^ Algebraic Aspects of the Russian Hash Standard GOST R 34.11-2012
  5. ^ GOST R 34.11-2012: Streebog Hash Function
  6. ^ Full text of GOST R 34.11-2012 standard (Russian)
  7. ^ Open Research Papers Competition dedicated to analysis of cryptographic properties of the hash-function GOST R 34.11-2012
  8. ^ Improved Cryptanalysis on Reduced-Round GOST and Whirlpool Hash Function (Full Version)
  9. ^ Watch your Constants: Malicious Streebog
  10. ^ Note on Streebog constants origin
  11. ^ Rebound attacks on Stribog
  12. ^ Zongyue Wang, Hongbo Yu, Xiaoyun Wang (2013-09-10). "Cryptanalysis of GOST R hash function". Information Processing Letters 114 (12): pages 655–662. 
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.

Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.