A Meet In The Middle Attack On Reduced Round Kuznyechik

In this letter, we present a meet-in-the-middle attack on the 5-round reduced Kuznyechik cipher which has been recently chosen to be standardized by the Russian federation. Our attack is based on the differential enumeration approach. However, the application of the exact approach is not successful on Kuznyechik due to its optimal round diffusion properties. Accordingly, we adopt an equivalent representation for the last round where we can efficiently filter ciphertext pairs and launch the attack in the chosen ciphertext setting. We also utilize partial sequence matching which further reduces the memory and time complexities. For the 5-round reduced cipher, the 256-bit master key is recovered with an online time complexity of 2(140.3), a memory complexity of 2(153.3), and a data complexity of 2(113).