2015 Volume E98.A Issue 10 Pages 2194-2198
In this letter, we present a meet-in-the-middle attack on the 5-round reduced Kuznyechik cipher which has been recently chosen to be standardized by the Russian federation. Our attack is based on the differential enumeration approach. However, the application of the exact approach is not successful on Kuznyechik due to its optimal round diffusion properties. Accordingly, we adopt an equivalent representation for the last round where we can efficiently filter ciphertext pairs and launch the attack in the chosen ciphertext setting. We also utilize partial sequence matching which further reduces the memory and time complexities. For the 5-round reduced cipher, the 256-bit master key is recovered with an online time complexity of 2140.3, a memory complexity of 2153.3, and a data complexity of 2113.