Analysis of DSTU 8961:2019 in random oracle model

Bibliographic Details
Published in: Radiotekhnika no. 211; pp. 22 - 36
Main Author: Kandiy, S.О.
Format: Journal Article
Language: English
Published: 30.12.2022
ISSN: 0485-8972, 2786-5525
DOI: 10.30837/rt.2022.4.211.02

Summary: The paper provides a proof in the IND-CCA2 random oracle model of the security of the asymmetric encryption scheme described in the DSTU 8961:2019 standard, and the IND-CCA2 security of the corresponding key encapsulation mechanism. Since the standard contains only a technical description of transformations, a formalized mathematical model was introduced in Chapter 4 without unnecessary technical details that do not affect safety assessments. Since the system-wide parameters in the standard were chosen in such a way that the scheme did not contain decryption errors, it was possible to simplify the proof significantly. Section 5 provides a schematic overview of possible attack vectors on DSTU 8961:2019, but a detailed analysis is the subject of further research. In addition to safety, the analysis also showed that DSTU 8961:2019 has a certain disadvantage in terms of safety. The design can be significantly simplified and accelerated without loss of safety. Security, on the contrary, can be significantly increased.