Unkeyed cryptographic

Streebog (GOST R 34.11-2012)

Russia’s national cryptographic hash function, standardized as GOST R 34.11-2012 by the Russian Federal Standards body and added to ISO/IEC 10118-3 in 2018. Two output sizes (256 and 512 bits), built on an AES-class permutation. Replaces the older GOST R 34.11-94, which was broken in 2008.

At a glance

Construction

Streebog uses a compression function built on a 512-bit AES-like permutation with 12 rounds. The S-box and round structure are original Russian designs; the wide-trail strategy is in the same family as AES’s. A length-encoded finalization step prevents length-extension.

Where it shows up

• Russian government and banking systems , mandated where federal cryptographic compliance is required.
• HMAC-Streebog , companion MAC in TLS over the Russian crypto suite.
• Yandex services, Sberbank infrastructure.
• OpenSSL 3.x , supported via the GOST engine.

Security status

Best known cryptanalysis (AlTawy et al., 2013-2014) covers reduced rounds. Full Streebog has no practical break. The selection process (Russian Federal Standards Authority, 2010s) was less open than NIST’s SHA-3 competition, but the standardized algorithm has received public scrutiny since publication.

References

• RFC 6986 , GOST R 34.11-2012: Hash Function
• AlTawy, R., Kircanski, A., Youssef, A., “Rebound Attacks on Stribog,” ICISC 2013.
• SM3 · Whirlpool