Analysis of DSTU 8961:2019 in random oracle model

Abstract

The paper provides a proof in the IND-CCA2 random oracle model of the security of the asymmetric encryption scheme described in the DSTU 8961:2019 standard, and the IND-CCA2 security of the corresponding key encapsulation mechanism. Since the standard contains only a technical description of transformations, a formalized mathematical model was introduced in Chapter 4 without unnecessary technical details that do not affect safety assessments. Since the system-wide parameters in the standard were chosen in such a way that the scheme did not contain decryption errors, it was possible to simplify significantly the proof. Section 5 provides a schematic overview of possible attack vectors on the DSTU 8961:2019, but a detailed analysis is the subject of further research. In addition to safety, the analysis also showed that the DSTU 8961:2019 has a certain disadvantage in terms of safety. The design can be significantly simplified and accelerated without loss of safety. Security, on the contrary, can be significantly increased.