
Possible cooked S-boxes in Kuznyechik & Streebog..Russian cipher & hash - utefan001
https://mailarchive.ietf.org/arch/msg/cfrg/4PmssKzCBsxTmLCieDgqD7Nynwg
======
ggm
The sentence which seems critical in his posting is maybe this one: _Arnaud
Bannier proved in his PhD (see also [3]) that an S-box preserving a partition
of the space into additive cosets in such a way that it interacts with the
linear layer was necessary to build some specific backdoors._

I am not a cryptographer or a mathematician. These words do seem very worrying
to me. He seems to be saying the primary quality, the preservation of a
property across sbox and linear layer was demonstrated.

------
dsl
These are both GOST R (ГОСТ) standards, which is the Russian equivalent of
NIST standards.

------
jdashg
I know some of these words. This sounds Bad.

