Kuznyechik - Russian 128-bit Block Cipher
═════════════════════════════════════════
This is an implementation of Kuznyechik, the 128-bit block cipher used as
a national standard of the Russian Federation and described in ГОСТ Р
34.12-2015, ГОСТ 34.12-2018 and RFC 7801. It has been implemented
according to the reference document:

  https://tc26.ru/standard/gost/GOST_R_3412-2015.pdf (на русском)


The origin of this implementation goes far back in history. Its first
version has been based on the code written by Dr. Markku-Juhani O.
Saarinen (still accessible: https://github.com/mjosaarinen/kuznechik).
Our changes in the initial version included optimised portable 64-bit
code and, as an option, code optimised for CPUs with SSE extensions.

The SSE version was supposed to be faster and it likely was at the time
of writing the code. But modern compilers have their own ways how to
optimise the compiled code and drastic manual optimisations may actually
prove detrimental to performance. The following benchmark speaks for
itself:

  kuznyechik-kuzcrypt-ref ........... 152.684 MB/s (this version)
  kuznyechik-kuzcrypt-old-ref ....... 150.274 MB/s
  kuznyechik-kuzcrypt-old-sse ....... 148.737 MB/s
  kuznyechik-oliynykov-ref .......... 138.780 MB/s
  kuznyechik-saarinen-sse ........... 130.230 MB/s
  kuznyechik-veracrypt-ref .......... 148.082 MB/s
  kuznyechik-veracrypt-sse .......... 142.895 MB/s

Generated with: https://github.com/kuzcrypt/kuznyechik-bench

For this objective reason, we decided to remove the ‘optimised’ version
and keep the code portable. All versions were compiled with gcc and with
-Ofast turned on.