Algebraic Fault Analysis on GOST for Key Recovery and Reverse Engineering

GOST is a well-known block cipher as the official encryption standard for the Russian Federation. A special feature of GOST is that its eight S-boxes can be secret. However, most of the researches on GOST assume that the design of these S-boxes is known. In this paper, the security of GOST against side-channel attacks is examined with algebraic fault analysis (AFA), which combines the algebraic cryptanalysis with the fault attack. Three AFAs on GOST, which have different attack goals in different scenarios, are investigated. The results show that 8 fault injections are required to recover the secret key when the full design of GOST is known, which is less than 64 fault injections required in previous work. 64 fault injections are required to recover the eight unknown S-boxes assuming the key is known. 270 fault injections are required to recover the key and the eight S-boxes when both are unknown. The results prove that AFA is very effective and keeping some components in a cipher secret cannot guarantee its security against fault attacks.