Fault Analysis of the New Ukrainian Hash Function Standard: Kupyna

  • Onur DumanEmail author
  • Amr Youssef
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11358)


Kupyna has been selected by the Ukrainian government as the new national hash function standard in 2015. In this paper, we apply two fault attacks on Kupyna. In the first attack, we assume that the attacker knows all the hash parameters and aims to recover the input to the hash function. We experiment using three different fault models which are random byte fault model, known byte unique fault model and known byte random fault model. In the second fault attack, we assume that the attacker does not know the entries of the SBoxes used in Kupyna and aims to recover the SBox entries. Our experimental results in both attacks illustrate the importance of protecting implementations of Kupyna against fault analysis attacks.


Cryptanalysis Kupyna Hash Streebog Grøstl DFA IFA DSTU 7564:2014 


  1. 1.
    GOST R 34.11-2012: Streebog Hash Function. Accessed 10 Nov 2017
  2. 2.
    AlTawy, R., Youssef, A.M.: Differential fault analysis of streebog. In: Lopez, J., Wu, Y. (eds.) ISPEC 2015. LNCS, vol. 9065, pp. 35–49. Springer, Cham (2015). Scholar
  3. 3.
    Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996). Scholar
  4. 4.
    Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997). Scholar
  5. 5.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of eliminating errors in cryptographic computations. J. Cryptology 14(2), 101–119 (2001)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Clavier, C., Wurcker, A.: Reverse engineering of a secret AES-like cipher by ineffective fault analysis. In: 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography, pp. 119–128, August 2013Google Scholar
  7. 7.
    Dobraunig, C., Eichlseder, M., Mendel, F.: Analysis of the Kupyna-256 hash function. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 575–590. Springer, Heidelberg (2016). Scholar
  8. 8.
    Duman, O., Youssef, A.M.: Fault analysis on Kalyna. Inf. Secur. J. Global Persp. 26(5), 249–265 (2017)CrossRefGoogle Scholar
  9. 9.
    Dusart, P., Letourneux, G., Vivolo, O.: Differential fault analysis on A.E.S. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 293–306. Springer, Heidelberg (2003). Scholar
  10. 10.
    Fischer, W., Reuter, C.A.: Differential fault analysis on Grøstl. In: 2012 Workshop on Fault Diagnosis and Tolerance in Cryptography, pp. 44–54, September 2012Google Scholar
  11. 11.
    Jian Zou, L.D.: Cryptanalysis of the Round-Reduced Kupyna Hash Function. Cryptology ePrint Archive, Report 2015/959 (2015).
  12. 12.
    Joye, M., Tunstall, M. (eds.): Fault Analysis in Cryptography, vol. 147. Springer, Berlin (2012).
  13. 13.
    Kim, C.H., Quisquater, J.J.: Faults, injection methods, and fault attacks. IEEE Des. Test Comput. 24(6), 544–545 (2007)CrossRefGoogle Scholar
  14. 14.
    Li, R., Li, C., Gong, C.: Differential fault analysis on SHACAL-1. In: 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 120–126, September 2009Google Scholar
  15. 15.
    Mendel, F., Pramstaller, N., Rechberger, C.: A (second) preimage attack on the GOST hash function. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 224–234. Springer, Heidelberg (2008). Scholar
  16. 16.
    Mendel, F., Pramstaller, N., Rechberger, C., Kontak, M., Szmidt, J.: Cryptanalysis of the GOST hash function. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 162–178. Springer, Heidelberg (2008). Scholar
  17. 17.
    Oliynykov, R., et al.: A New Standard of Ukraine: The Kupyna Hash Function. Cryptology ePrint Archive, Report 2015/885 (2015).
  18. 18.
    Oliynykov, R., et al.: A new encryption standard of Ukraine: the Kalyna block cipher. Cryptology ePrint Archive, Report 2015/650 (2015).
  19. 19.
    Piret, G., Quisquater, J.-J.: A differential fault attack technique against SPN structures, with application to the AES and Khazad. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003). Scholar
  20. 20.
    Zhang Xiaojuan, X.F., Lin, D.: Fault attack on the authenticated cipher ACORN v2. Secur. Commun. Netw. 2017, 16 (2017). Article ID 3834685Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Concordia Institute for Information Systems EngineeringConcordia UniversityMontréalCanada

Personalised recommendations