`105082`

`197374`

- ISO/IEC 10116
- series of standards ISO/IEC 18033

- encryption algorithm:
- process that transforms plaintext into
ciphertext (Clause 2.19 of
) - decryption algorithm:
- process that transforms ciphertext into
plaintext (Clause 2.14 of
) - basic block cipher:
- block cipher that, for a given key, provides a single invertible mapping of the set of fixed-length plaintext blocks into ciphertext blocks of the same length
- block:
- string of bits of a defined length (Clause 2.6 of
) - block cipher:
symmetric encipherment system with the property that the encryption algorithm operates on a block of plaintext -- i.e., a string of bits of a defined length -- to yield a block of ciphertext (Clause 2.7 of ) Note: In GOST R 34.12-2015, it is established that the terms "block cipher" and "block encryption algorithm" are synonyms. - encryption:
- reversible transformation of data by a
cryptographic algorithm to produce ciphertext -- i.e., to hide the
information content of the data (Clause 2.18 of
) - round key:
- sequence of symbols that is calculated from the key and controls a transformation for one round of a block cipher
- key:
sequence of symbols that controls the operation of a cryptographic transformation (e.g., encipherment, decipherment) (Clause 2.21 of ) Note: In GOST R 34.12-2015, the key must be a binary sequence. - plaintext:
- unencrypted information (Clause 3.11 of
) - key schedule:
- calculation of round keys from the key,
- decryption:
- reversal of a corresponding encipherment (Clause
2.13 of
) - symmetric cryptographic technique:
- cryptographic technique that
uses the same secret key for both the originator's and the
recipient's transformation (Clause 2.32 of
) - cipher:
- alternative term for encipherment system (Clause 2.20
of
) - ciphertext:
- data that has been transformed to hide its
information content (Clause 3.3 of
)

- V*
- the set of all binary vector strings of a finite length (hereinafter referred to as the strings), including the empty string
- V_s
- the set of all binary strings of length s, where s is a nonnegative integer; substrings and string components are enumerated from right to left, starting from zero
- U[*]W
- direct (Cartesian) product of two sets U and W
- |A|
- the number of components (the length) of a string A belonging to V* (if A is an empty string, then |A| = 0)
- A||B
- concatenation of strings A and B both belonging to V* -- i.e., a string from V_(|A|+|B|), where the left substring from V_|A| is equal to A and the right substring from V_|B| is equal to B
- A<<<_11
- cyclic rotation of string A belonging to V_32 by 11 components in the direction of components having greater indices
- Z_(2^n)
- ring of residues modulo 2^n
- (xor)
- exclusive-or of two binary strings of the same length
- [+]
- addition in the ring Z_(2^32)
- Vec_s: Z_(2^s) -> V_s
- bijective mapping that maps an element from ring Z_(2^s) into its binary representation; i.e., for an element z of the ring Z_(2^s), represented by the residue z_0 + (2*z_1) + ... + (2^(s-1)*z_(s-1)), where z_i in {0, 1}, i = 0, ..., n-1, the equality Vec_s(z) = z_(s-1)||...||z_1||z_0 holds
- Int_s: V_s -> Z_(2^s)
- the mapping inverse to the mapping Vec_s, i.e., Int_s = Vec_s^(-1)
- PS
- composition of mappings, where the mapping S applies first
- P^s
- composition of mappings P^(s-1) and P, where P^1=P

- t: V_32 -> V_32
- t(a) = t(a_7||...||a_0) = Pi_7(a_7)||...||Pi_0(a_0), where a=a_7||...||a_0 belongs to V_32, a_i belongs to V_4, i=0, 1, ..., 7.
- g[k]: V_32 -> V_32
- g[k](a) = (t(Vec_32(Int_32(a) [+] Int_32(k)))) <<<_11, where k, a belong to V_32
- G[k]: V_32[*]V_32 -> V_32[*]V_32
- G[k](a_1, a_0) = (a_0, g[k](a_0) (xor) a_1), where k, a_0, a_1 belong to V_32
- G^*[k]: V_32[*]V_32 -> V_64
- G^*[k](a_1, a_0) = (g[k](a_0) (xor) a_1) || a_0, where k, a_0, a_1 belong to V_32.

- S-BOX set is fixed at id-tc26-gost-28147-param-Z
(see
); - key is parsed as a single big-endian integer (compared to the
little-endian approach used in
), which results in different subkey values being used; - data bytes are also parsed as a single big-endian integer (instead of being parsed as little-endian integer).