гост (МАГМА) шифр ( GOST MAGMA Cipher )

History

This is a Fiestel Cipher Based Encryption on 64 bit blocks as per Specs Defined by Russian Union Standards. There is not much Information about this Cipher Developed by the Soviet Union During the time when NSA Developed DES- 56. This Remained as an Alternative

Structure

This is a Symmetric Key Block Cipher With Profile:

  Network     : Fiestel 
  Block Size  : 64 bits  
  Key Size    : 256 bits
  SubKey Size : 32 bits
  No Of Rounds: 32 Rounds
  S-Box       : 8x16 
  Split-Size  : 32 bits

Details

1.Inputs

Key : 256 bit 
Message(hex) : n bit (will be divided into 64 bit blocks)

My Comments

The key should be generated using a PseudoRandom Bit Generator ( 256 bits ). Please Refer MersenneTwister BlumBlumShub PRNG in my Repository.

Try Setting a script to generate 256 PseudoRandomly generated bits . This will be your Key. I'll leave it to your discretion .

2.S-BOX

The initial implementation By the KGB (Soviet Union's Version of NSA) was classified . The initial S-Boxes were mandated bu the Soviet Union and were kept secret to the public. The S-Boxes were seperately to GOST Chip Manufacturers (Again being KGB had Inherent Intended Backdoor).

But.. The De-classified GOST_R_3412-2015 has the S-Box used in this implementation.

The Central Bank of Russian Federation used a different S-Box that was intended to have backdoors for the KGB to break into . Ideally speaking the S-Box is the Heart of any cipher .

3.Transformations :

There are other functions that are given in the specification, but i am explicitly mentioning the below 2 transformations. The other Transformations given in the paper are implicit (as in implemented implicitly).

1.T-Transformation.

---

GOST MAGMA uses Non-Linear Bijective Function (Essentially a Fancy term for Substitution ) being Non Linear . Let

π be the Substitution Transformation from S-Box Defined Above.

Transformation be defined from V₃₂ -> V₃₂ (Meaning 32 bit vector space Mapping)

|| Refer to Concat Operation.

V₃₂ -> V₃₂ : t(a)=t(a₇.....|| a₀) = π₇||...|| π₀.

Where a=(a₇.....|| a₀) ϵ V₃₂ , a_i ϵ V₄ , i=(0...7)

---

2.g-Transformation.

---

V₃₂ -> V₃₂ : g[k] (a₁,a₀)=t((V₃₂(a+k)))<<< 11 ,

Where a_i ϵ V₃₂ and ' + 'refer to addition modulo 2³²

---

3.Key Distribution :

The Cipher uses 256 bit Keys and uses Iterative Sub Key For Every Round from the parent Key

Initial Sub Keys For Round 1-8,9-16,17-24 K1= K255||..||K224 K2= K223||..||K192 . . . . . . . . . . . . K8= K31||.. ||K0

Final 25-32 Round

Reverse the Order from K8->K1 To Summarise:

           Round (1->8(incl)) : MSB->LSB (32bit split) ===>Ascending Phase
            Round (9->16(incl)) : MSB->LSB (32bit split) ===> Ascending Phase
            Round (17->24(incl)) : MSB->LSB (32bit split) ===> Ascending Phase
            Round (25->32(incl)) : LSB->MSB (32bit split) ===> Descending Phase

4. Encryption:

This uses a Fiestel Cipher System where we initially Obtain all the subkeys and Flatten the 2d matrix to 1d for convenience sake

1.Split Message into Left And Right (32-bits)

2. Cycle Fiestel Rounds till 31 round (Left,Right)= (Right,Left^g_function(Right,(key[i]))) This is the Implicit G Function (Different from g Function)

3. For the Last Round Perform ((Left^g_function(Right,(key[-1])))<<32 )^Right This is Another implicit function G^* Function defined in the paper.

5. Decryption:

The Decryption is literally the reverse for Encryption We cycle from the Last round to Round 2 applying the same Transformation.

For the Round 1 Perform ((Left^g_function(Right,(key[0])))<<32 )^Right