

A New Encryption Standard of Ukraine: The Kalyna Block Cipher - mykhal
http://eprint.iacr.org/2015/650

======
tptacek
As cipher papers go, not especially interesting. The best ones have long
sections explaining each of their design decisions. This paper starts out by
pointing out that GOST is much slower than AES in practice, but never
acknowledges that any conventional block cipher that isn't AES is probably
doomed to inferior performance (because AES is hardware accelerated).

It would be interesting to see a country adopt a native stream cipher instead
of a block cipher as their standard. The performance of stream ciphers is more
competitive, you lose the requirement to define 8-10 "official modes" (most of
which are insecure), and stream ciphers are virtually always what you want
anyways: in 2015, block ciphers mostly exist in order to be transformed into
stream ciphers via counter mode.

~~~
sdevlin
Building around S-box lookups also seems like a weird choice in 2015. I looked
and couldn't find any considerations for cache-timing side channels. There
really wasn't much advice for implementers at all.

I'm not sure this is a major vulnerability in practice, but it is strange not
even to mention 10+ years of cache-timing attacks against AES.
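
The lookup-pattern concern raised above, as an added example that is not part of this thread or of the Kalyna reference code: a naive table lookup whose memory address depends on the secret byte, beside a constant-time variant that reads the whole table and selects with a mask. The 256-entry S-box is a constructed affine permutation, not one of Kalyna's real S-boxes (which the thread does not give).

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed 256-entry S-box (a simple affine permutation), used only so the
 * example is self-contained. It is NOT one of Kalyna's S-boxes. */
static uint8_t SBOX[256];

static void sbox_init(void) {
    for (int i = 0; i < 256; i++)
        SBOX[i] = (uint8_t)((i * 167 + 0x5c) & 0xff); /* 167 is odd, so bijective mod 256 */
}

/* Naive lookup: the cache line touched depends on the secret index x,
 * which is exactly what cache-timing attacks observe. */
uint8_t sbox_lookup_naive(uint8_t x) {
    return SBOX[x];
}

/* Constant-time lookup: read every entry in the same order regardless of x and
 * keep the wanted one via an arithmetic mask, so the access pattern carries no
 * information about x. Costs 256 reads per byte instead of one. */
uint8_t sbox_lookup_ct(uint8_t x) {
    uint8_t out = 0;
    for (unsigned i = 0; i < 256; i++) {
        uint8_t diff = (uint8_t)(i ^ x);
        /* mask is 0xff when diff == 0 (i.e. i == x), 0x00 otherwise, no branch */
        uint8_t mask = (uint8_t)((uint16_t)((uint16_t)diff - 1u) >> 8);
        out |= SBOX[i] & mask;
    }
    return out;
}

/* Self-check: both lookups must agree on every input. Returns 1 on success. */
int sbox_lookups_agree(void) {
    sbox_init();
    for (int i = 0; i < 256; i++)
        if (sbox_lookup_naive((uint8_t)i) != sbox_lookup_ct((uint8_t)i))
            return 0;
    return 1;
}

int main(void) {
    printf("constant-time lookup matches naive lookup: %s\n",
           sbox_lookups_agree() ? "yes" : "no");
    return 0;
}
```

Whether the compiler preserves the constant-time property must be checked on the emitted assembly; the C source alone does not guarantee it.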

~~~
pbsd
Kalyna was the result of a public competition started in 2006 [1], so it
mirrors design preferences of that time. There were 4 other candidates, some
of which were broken, and none of them seem any more cache-timing resistant
than Kalyna.

[1] https://www.sav.sk/journals/uploads/0317154006ogdr.pdf

~~~
sdevlin
Interesting notes; I didn't realize the competition was so old. Thanks!

