The article presents the study of cryptographic transformations of the Kuznyechik algorithm in relation to differential analysis and the translation of their representations into a more convenient form for cryptanalysis. A simplification of the type of transformations of the algorithm to algebraic the form, in which cryptanalysis software will be more effective. Since the description of the algorithm in the analytical form allows for 16 cycles of execution of the shift register with linear feedback, each of which will be carried out 16 operations of multiplication and 15 operations of addition, reduced to 16 multiplying and 15 the operations of addition. The result is an algebraic form of a linear transformation (from a shift register with linear feedback to the multiplication of the matrix in a finite field). In the future, the algebraic type of transformation can be used to effectively carry out differential cryptanalysis.

1. International Journal of Innovative Research in Information Security (IJIRIS) ISSN: 2349-7017
Issue 03, Volume 6 (March 2019) www.ijiris.com
IJIRIS: Mendeley (Elsevier Indexed) CiteFactor Journal Citations Impact Factor 1.23
Impact Factor Value – SJIF: Innospace, Morocco (2016): 4.651| Indexcopernicus: (ICV 2016): 88.20
© 2014- 19, IJIRIS- All Rights Reserved Page -38
REPRESENTATION OF THE BLOCK DATA ENCRYPTION
ALGORITHM IN AN ANALYTICAL FORM FOR
DIFFERENTIAL CRYPTANALYSIS
Gayrat Juraev
Department of Information Security, Faculty of Mathematics,
National University of Uzbekistan named after Mirzo Ulugbek, City Tashkent, Uzbekistan
gjuraev@mail.ru
Avazjon Marakhimov
National University of Uzbekistan named after Mirzo Ulugbek, City Tashkent, Uzbekistan,
rector@nuu.uz
Manuscript History
Number: IJIRIS/RS/Vol.06/Issue03/MRIS10081
DOI: 10.26562/IJIRAE.2019.MRIS10081
Received: 03, March 2019
Final Correction: 10, March 2019
Final Accepted: 16, March 2019
Published: March 2019
Citation: Gayrat & Avazjon (2019). REPRESENTATION OF THE BLOCK DATA ENCRYPTION ALGORITHM IN AN
ANALYTICAL FORM FOR DIFFERENTIAL CRYPTANALYSIS. IJIRIS:: International Journal of Innovative Research in
Information Security, Volume VI, 38-42. doi: 10.26562/IJIRIS.2019.MRIS10081
Editor: Dr.A.Arul L.S, Chief Editor, IJIRIS, AM Publications, India
Copyright: ©2019 This is an open access article distributed under the terms of the Creative Commons Attribution
License, Which Permits unrestricted use, distribution, and reproduction in any medium, provided the original author
and source are credited
Abstract - The article presents the study of cryptographic transformations of the Kuznyechik algorithm in relation
to differential analysis and the translation of their representations into a more convenient form for cryptanalysis. A
simplification of the type of transformations of the algorithm to algebraic the form, in which cryptanalysis software
will be more effective. Since the description of the algorithm in the analytical form allows for 16 cycles of execution
of the shift register with linear feedback, each of which will be carried out 16 operations of multiplication and 15
operations of addition, reduced to 16 multiplying and 15 the operations of addition. The result is an algebraic form
of a linear transformation (from a shift register with linear feedback to the multiplication of the matrix in a finite
field). In the future, the algebraic type of transformation can be used to effectively carry out differential
cryptanalysis.
Keywords - block cipher; symmetric encryption; transform; encryption algorithm; decryption; input and output
differentials; differential characteristics; differential cryptanalysis;
I. INTRODUCTION
As you know, symmetric block ciphers are easier to implement, both software and hardware. For this reason, block
ciphers are often used to ensure the confidentiality of information. The size of encryption blocks significantly affects
the cryptographic strength of a block cipher, and it is not possible to perform cryptanalysis based on statistical
dependencies for such ciphers. According to this principle, Kuznyechik block cipher was created, the block size of
which consists of 128 bits. The Kuznyechik algorithm is based on the SP network. In 2015, the Kuznyechik algorithm
was included in the Russian cryptographic standard for data encryption GOST R 34.12-2015 as a block encryption
algorithm [1,2]. Therefore, the analysis of cryptographic transformations of the Kuznyechik encryption algorithm is
of important theoretical and practical importance.

2. International Journal of Innovative Research in Information Security (IJIRIS) ISSN: 2349-7017
Issue 03, Volume 6 (March 2019) www.ijiris.com
IJIRIS: Mendeley (Elsevier Indexed) CiteFactor Journal Citations Impact Factor 1.23
Impact Factor Value – SJIF: Innospace, Morocco (2016): 4.651| Indexcopernicus: (ICV 2016): 88.20
© 2014- 19, IJIRIS- All Rights Reserved Page -39
For differential analysis, all possible differentials are searched, that is, the input difference din is searched, for which
the output difference dout appears more likely than others. The sequence of input and output differentials that the
output differential of the i-th round is the input for the i+1-th round is called the differential characteristic. The
differential characteristic built on the n-1 round of the n round cipher allows differential analysis and define some
bits of the encryption key [3].
The block encryption algorithm can be represented as the execution of several rounds of a certain sequence of
simple transformations. Most often such transformations are linear. After performing one round only linear
transformations on the text i, you can get g(i)+f(k), where k is the encryption key. To eliminate this effect, nonlinear
transformations are embedded in the cipher. Such, for example, are non-linear replacement tables (S-box). Mutually
non-linear operations are also used (for example, addition modulo 2n and bitwise addition modulo 2). Finding the
best differential characteristics of block encryption algorithms is a theoretical task and is performed once for each
algorithm. The values of the characteristics depend entirely on the structure of the encryption algorithm and the
cryptographic primitives used. Therefore, in this paper, for the effective implementation of differential cryptanalysis,
the linear transformation of the Kuznyechik encryption algorithm is investigated.
II. SPECIFICATION OF ALGORITHM
Like the AES Kuznyechik algorithm, it consists of repetitive rounds of the same type, including addition with a key,
linear and nonlinear transformation.
The first transformation is the addition of two or XOR data blocks of 128 bits long with a round key of 128 bits long:
  128128
VV:kX  ,    akakX  ,
where 128
Va,k  .
The second nonlinear transformation is the use of The S-box lookup table, in which each byte is replaced according
to the table by another byte:
128128
VV:S  ,
       015015
a||...||aa||...||aSaS  , where ....,,,j,Va,Va||...||aa j 15108128015 
The Kuznyechik algorithm uses the same substitution as the Streebog hash function [5,6]. The total number of table
elements is 256:
S = {252, 238, 221, 17, 207, 110, 49, 22, 251, 196, 250, 218, 35, 197, 4, 77, 233, 119, 240, 219, 147, 46, 153, 186, 23,
54, 241, 187, 20, 205, 95, 193, 249, 24, 101, 90, 226, 92, 239, 33, 129, 28, 60, 66, 139, 1, 142, 79, 5, 132, 2, 174, 227,
106, 143, 160, 6, 11, 237, 152, 127, 212, 211, 31, 235, 52, 44, 81, 234, 200, 72, 171, 242, 42, 104, 162, 253, 58, 206,
204, 181, 112, 14, 86, 8, 12, 118, 18, 191, 114, 19, 71, 156, 183, 93, 135, 21, 161, 150, 41, 16, 123, 154, 199, 243, 145,
120, 111, 157, 158, 178, 177, 50, 117, 25, 61, 255, 53, 138, 126, 109, 84, 198, 128, 195, 189, 13, 87, 223, 245, 36, 169,
62, 168, 67, 201, 215, 121, 214, 246, 124, 34, 185, 3, 224, 15, 236, 222, 122, 148, 176, 188, 220, 232, 40, 80, 78, 51,
10, 74, 167, 151, 96, 115, 30, 0, 98, 68, 26, 184, 56, 130, 100, 159, 38, 65, 173, 69, 70, 146, 39, 94, 85, 47, 140, 163,
165, 125, 105, 213, 149, 59, 7, 88, 179, 64, 134, 172, 29, 247, 48, 55, 107, 228, 136, 217, 231, 137, 225, 27, 131, 73,
76, 63, 248, 254, 141, 83, 170, 144, 202, 216, 133, 97, 32, 113, 103, 164, 45, 43, 9, 91, 203, 155, 37, 208, 190, 229,
108, 82, 89, 166, 116, 210, 230, 244, 180, 192, 209, 102, 175, 194, 57, 75, 99, 182}.
The third linear transformation can be implemented not only as usual in block - matrix ciphers, but also using a
linear shift register with feedback, which is repeated 16 times:
128128
VV:R  ,       115015015
a||...|a||a,...,ala||...||aRaR  ,
where .,j,Va,Va||...||aa j 1508128015 
,VV:L 128128
    ,aRaL 16

where 128
Va .
Shift register itself (Fig.1.) is realized over the Galois field modulo an irreducible polynomial of degree 8 -
  1678
 xxxxxp .

3. International Journal of Innovative Research in Information Security (IJIRIS) ISSN: 2349-7017
Issue 03, Volume 6 (March 2019) www.ijiris.com
IJIRIS: Mendeley (Elsevier Indexed) CiteFactor Journal Citations Impact Factor 1.23
Impact Factor Value – SJIF: Innospace, Morocco (2016): 4.651| Indexcopernicus: (ICV 2016): 88.20
© 2014- 19, IJIRIS- All Rights Reserved Page -40
Fig. 1. View of a single linear transformation.
The round transformation can be represented as follows:
 ,KInSLOut i

where In - input block, i
K - round key, Out - output block.
III. ENCRYPTION AND DECRYPTION
As a result, the encryption of one 128-bit input block is described by the following equation [6]:
          ,aKLSXKLSX...KLSXKXaE K,...K 12910101

Where 128
Va .
Decoding is realized by inverting the basic transformations and applying them in the reverse order:
     ...KXLSKXaD K,...K 2
11
1101

     ,aKXLSKXLS... 10
11
9
11 
Where 128
Va .
IV.CRYPTANALYSES
The author has investigated the transformation of symmetric block encryption algorithm data Kuznyechik on the
subject of their descriptions in a form suitable for differential analysis. First of all, it is necessary to simplify the type
of linear transformation, which is a linear shift register. A program was created that calculated the matrix A of the
linear transformation in the following form:
XAY  ,
where X the input sequence of 16 bytes - the result of a linear transformation X. The resulting matrix:
207 152 116 191 147 142 242 243 10 191 246 169 234 142 77 110 110 32 198 218 144 72 137 156 193 100 184 45
134 68 208 162 162 200 135 112 104 67 28 43 161 99 48 107 159 48 227 118 118 51 16 12 28 17 214 106 166 215
246 73 7 20 232 114 114 242 107 202 32 235 2 164 141 212 196 1 101 221 76 108 108 118 236 12 197 188 175
110 163 225 144 88 14 2 195 72 72 213 98 23 6 45 196 231 213 235 153 120 82 245 22 122 122 230 78 26 187 46
241 190 212 175 55 177 212 42 110 184 184 73 135 20 203 141 171 73 9 108 42 1 96 142 75 93 93 212 184 47 141
18 238 246 8 84 15 243 152 200 127 39 39 159 190 104 26 124 173 201 132 47 235 254 198 72 162 189 189 149
94 48 233 96 191 16 239 57 236 145 127 72 137 16 16 233 208 217 243 148 61 175 123 255 100 145 82 248
13 221 221 153 117 202 151 68 90 224 48 166 49 211 223 72 100 132 132 45 116 150 93 119 111 222 84 180 141
209 68 60 165 148 148 32 133 16 194 192 1 251 1 192 194 16 133 32 148 1.
Then the analysis of replacement tables was carried out. First of all, the differential characteristics of the table were
calculated. The maximum value of the differential characteristic is 8/256. Since, when deciphering the sequence and
the transformations themselves, they needed to be obtained. The inverse replacement table is obtained in the form
[6]:
S–1 = {165, 45, 50, 143, 14, 48, 56, 192, 84, 230, 158, 57, 85, 126, 82, 145, 100, 3, 87, 90, 28, 96, 7, 24, 33, 114, 168,
209, 41, 198, 164, 63, 224, 39, 141, 12, 130, 234, 174, 180, 154, 99, 73, 229, 66, 228, 21, 183, 200, 6, 112, 157, 65,
117, 25, 201, 170, 252, 77, 191, 42, 115, 132, 213, 195, 175, 43, 134, 167, 177, 178, 91, 70, 211, 159, 253, 212, 15,
156, 47, 155, 67, 239, 217, 121, 182, 83, 127, 193, 240, 35, 231, 37, 94, 181, 30, 162, 223, 166, 254, 172, 34, 249, 226,
74, 188, 53, 202, 238, 120, 5, 107, 81, 225, 89, 163, 242, 113, 86, 17, 106, 137, 148, 101, 140, 187, 119, 60, 123, 40,

4. International Journal of Innovative Research in Information Security (IJIRIS) ISSN: 2349-7017
Issue 03, Volume 6 (March 2019) www.ijiris.com
IJIRIS: Mendeley (Elsevier Indexed) CiteFactor Journal Citations Impact Factor 1.23
Impact Factor Value – SJIF: Innospace, Morocco (2016): 4.651| Indexcopernicus: (ICV 2016): 88.20
© 2014- 19, IJIRIS- All Rights Reserved Page -41
171, 210, 49, 222, 196, 95, 204, 207, 118, 44, 184, 216, 46, 54, 219, 105, 179, 20, 149, 190, 98, 161, 59, 22, 102, 233,
92, 108, 109, 173, 55, 97, 75, 185, 227, 186, 241, 160, 133, 131, 218, 71, 197, 176, 51, 250, 150, 111, 110, 194, 246,
80, 255, 93, 169, 142, 23, 27, 151, 125, 236, 88, 247, 31, 251, 124, 9, 13, 122, 103, 69, 135, 220, 232, 79, 29, 78, 4, 235,
248, 243, 62, 61, 189, 138, 136, 221, 205, 11, 19, 152, 2, 147, 128, 144, 208, 36, 52, 203, 237, 244, 206, 153, 16, 68,
64, 146, 58, 1, 38, 18, 26, 72, 104, 245, 129, 139, 199, 214, 32, 10, 8, 0, 76, 215, 116}.
Next, it was necessary to present the linear transformation in the form of the corresponding matrix. If the direct
transformation is of the form and the inverse linear transformation is of the form, then the matrix can be obtained:
1 148 32 133 16 194 192 1 251 1 192 194 16 133 32 148 148 165 60 68 209 141 180 84 222 111 119 93 150 116 45
132 132 100 72 223 211 49 166 48 224 90 68 151 202 117 153 221 221 13 248 82 145 100 255 123 175 61 148
243 217 208 233 16 16 137 72 127 145 236 57 239 16 191 96 233 48 94 149 189 189 162 72 198 254 235 47 132
201 173 124 26 104 190 159 39 39 127 200 152 243 15 84 8 246 238 18 141 47 184 212 93 93 75 142 96 1 42 108
9 73 171 141 203 20 135 73 184 184 110 42 212 177 55 175 212 190 241 46 187 26 78 230 122 122 22 245 82 120
153 235 213 231 196 45 6 23 98 213 72 72 195 2 14 88 144 225 163 110 175 188 197 12 236 118 108 108 76 221
101 1 196 212 141 164 2 235 32 202 107 242 114 114 232 20 7 73 246 215 166 106 214 17 28 12 16 51 118 118
227 48 159 107 48 99 161 43 28 67 104 112 135 200 162 162 208 68 134 45 184 100 193 156 137 72 144 218 198
32 110 110 77 142 234 169 246 191 10 243 242 142 147 191 116 152 207.
Since, the differential analysis of linear transformations (forward and reverse) gives a transition with probability 1
(that is, one differential passes uniquely only to a certain differential). Therefore, analyses should be carried out
quite easily.
V. MAIN RESULTS
Theorem 1. For any 256
Fa,x  there is such 256
Fy that for any pairs of texts 256
FX,X  , which xXX  , with
probability 1 is equal yXaXa  .
Proof. Calculate   .xaXXaXaXa 
Where you can get xay  that does not depend on the choice X,X  . The theorem is proved.
The differential analysis of the inverse replacement table gives a matrix 256256 .
Theorem 2. Matrix differential analysis A and permutation S matrix differential analysis B permutations are S–1
linked by a ratio T
BA  .
Proof. Consider a set consisting 256256
FF  of all possible pairs of 1-byte texts. As a permutation, S the transformation
converts this SS  set of pairs in himself bijective. Let the differential x go into the differential y with
probability .p Consider all differentials i
x that go into y with non-zero probability i
p . Then it is obvious that
 
i
ip 1. The difference of this value from 1 contradicts bijectively conversion S . In this case, S–1 the differential
y can be transformed only into differentials i
x (the opposite also contradicts the bijectivity). We get i
p that the
probability must be maintained. The only thing that changes is the order (which value corresponds to the row
number and which column number), which corresponds to the transpose operation. The theorem is proved.
VI. CONCLUSIONS
The two theorems proved are the basics of the simplified analysis performed. Due to them, there is no need to store
16 matrices of sizes 256 × 256 each, but need only to perform the multiplication operation, as well as to store the
minimum number of matrices of differential analysis. The study allows us to represent the transformation of the data
encryption algorithm in an analytical form, in which it is possible to create software to identify the most probable
differentials.
ACKNOWLEDGMENT
The obtained results were used for differential cryptanalysis of the block encryption algorithm Kuznyechik [7]. As a
result, the most probable differentials of the algorithm with respect to two and three rounds were revealed. A high
level of robustness was demonstrated already after two rounds of a relatively specially constructed differential
attack and the impossibility of carrying out a differential analysis to the entire Kuznyechik algorithm.

5. International Journal of Innovative Research in Information Security (IJIRIS) ISSN: 2349-7017
Issue 03, Volume 6 (March 2019) www.ijiris.com
IJIRIS: Mendeley (Elsevier Indexed) CiteFactor Journal Citations Impact Factor 1.23
Impact Factor Value – SJIF: Innospace, Morocco (2016): 4.651| Indexcopernicus: (ICV 2016): 88.20
© 2014- 19, IJIRIS- All Rights Reserved Page -42
REFERENCES
[1] Federal Agency on Technical Regulation and Metrology: Block ciphers (2015).
http://www.tc26.ru/en/standard/draft/ENG_GOST_R_bsh.pdf.
[2] Information technology. Cryptographic data security. Block ciphers operation modes. URL:
http://www.tc26.ru/standard/ gost/GOST_R_ 3413-2015.pdf.
[3] E. Biham, A. Shamir. Differential cryptanalysis of DES-like cryptosystems // Journal Cryptology. 1991. V. 4.
P. 3–72.
[4] R. AlTawy, A. Youssef, Meet in the Middle Attack on Reduced Round Kuznyechik, https://eprint.iacr.org/2015/
096.pdf, pp. 9-12.
[5] A. Biryukov, L. Perrin, A. Udovenko, Reverse-Engineering the S-Box of Streebog, Kuznyechik and STRIBOBr1
(Full Version), https://eprint.iacr.org/ 2016/071.pdf, p. 3.
[6] V. Dolmatov, GOST R 34.12-2015: Block Cipher "Kuznyechik. http://www.protocols.ru/WP/wp-content/
uploads/2016 /03/ rfc7801.pdf, pp. 3-4.
[7] G.U. Juraev, A.A. Ikramov, A.R. Marakhimov, About differential cryptanalysis algorithm of block encryption
Kuznyechik //International Journal of Advanced Research in Science, Engineering and Technology. Vol. 6, Issue
2, Feb 2019. –P. 8164-8169. http://www.ijarset.com/upload/2019/february/26-IJARSET-gjuraev.pdf.