487 results on '"Boomerang attack"'
Search Results
2. Quantum Truncated Differential and Boomerang Attack.
- Author
- Xie, Huiqin and Yang, Li
- Subjects
- QUANTUM gates, BLOCK ciphers, BLOCK designs, QUBITS, ALGORITHMS, CRYPTOGRAPHY
- Abstract
In order to design quantum-safe block ciphers, it is crucial to investigate the application of quantum algorithms to cryptographic analysis tools. In this study, we use the Bernstein–Vazirani algorithm to enhance truncated differential cryptanalysis and boomerang cryptanalysis. We first propose a quantum algorithm for finding truncated differentials, then rigorously prove that the output truncated differentials must have high differential probability for the vast majority of keys in the key space. Subsequently, based on this algorithm, we design a quantum algorithm for finding boomerang distinguishers. The quantum circuits of the two proposed quantum algorithms contain only polynomial quantum gates and qubits. Compared with classical tools for searching truncated differentials or boomerang distinguishers, the proposed algorithms can maintain the polynomial complexity while fully considering the impact of S-boxes and key scheduling. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
3. The Retracing Boomerang Attack, with Application to Reduced-Round AES.
- Author
- Dunkelman, Orr, Keller, Nathan, Ronen, Eyal, and Shamir, Adi
- Abstract
Boomerang attacks are extensions of differential attacks that make it possible to combine two unrelated differential properties of the first and second part of a cryptosystem with probabilities p and q into a new differential-like property of the whole cryptosystem with probability p^2 q^2 (since each one of the properties has to be satisfied twice). In this paper, we describe a new version of boomerang attacks which uses the counterintuitive idea of throwing out most of the data in order to force equalities between certain values on the ciphertext side. In certain cases, this creates a correlation between the four probabilistic events, which increases the probability of the combined property to p^2 q and increases the signal-to-noise ratio of the resultant distinguisher. We call this variant a retracing boomerang attack since we make sure that the boomerang we throw follows the same path on its forward and backward directions. To demonstrate the power of the new technique, we apply it to the case of 5-round AES. This version of AES was repeatedly attacked by a large variety of techniques, but for twenty years its complexity had remained stuck at 2^32. At Crypto'18, it was finally reduced to 2^24 (for full key recovery), and with our new technique, we can further reduce the complexity of full key recovery to the surprisingly low value of 2^16.5 (i.e., only 90,000 encryption/decryption operations are required for a full key recovery). In addition to improving previous attacks, our new technique unveils a hidden relationship between boomerang attacks and two other cryptanalytic techniques, the yoyo game and the recently introduced mixture differentials. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
4. Boomerang Attacks on Reduced-Round Midori64.
- Author
- Gönen, Mehmet Emin, Gündoğan, Muhammed Said, and Otal, Kamil
- Subjects
- BLOCK ciphers, TIME complexity
- Abstract
Midori64 is a lightweight SPN block cipher introduced by Banik et al. at ASIACRYPT 2015 and it operates on 64-bit states through 16 rounds using a 128-bit key. In the last decade, Midori64 has been exposed to several attacks. In this paper, to the best of our knowledge, we provide the first boomerang attack on Midori64 in the literature. For this purpose, firstly, we present a practical single key 7-round boomerang attack on Midori64, improving the mixture idea of Biryukov by a new technique which we call "mixture pool", and then extend our attack up to 9 rounds with time complexity 2^122.3, and memory and data complexity 2^36. (The authors of Midori stated that they expect much smaller rounds than eight rounds of Midori64 are secure against boomerang-type attacks.) We also emphasize that the mixture pool idea provides a kind of data-memory tradeoff and presents more usefulness for boomerang-type attacks. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
5. Optimizing Rectangle and Boomerang Attacks: A Unified and Generic Framework for Key Recovery.
- Author
- Yang, Qianqian, Song, Ling, Zhang, Nana, Shi, Danping, Wang, Libo, Zhao, Jiahao, Hu, Lei, and Weng, Jian
- Abstract
The rectangle attack has shown to be a very powerful form of cryptanalysis against block ciphers. Given a rectangle distinguisher, one expects to mount key recovery attacks as efficiently as possible. In the literature, there have been four algorithms for rectangle key recovery attacks. However, their performance varies from case to case. Besides, numerous are the applications where the attacks lack optimality. In this paper, we delve into the rectangle key recovery and propose a unified and generic key recovery algorithm, which supports any possible attacking parameters. Not only does it encompass the four existing rectangle key recovery algorithms, but it also reveals five new types of attacks that were previously overlooked. Further, we put forward a counterpart for boomerang key recovery attacks, which supports any possible attacking parameters as well. Along with these new key recovery algorithms, we propose a framework to automatically determine the best parameters for the attack. To demonstrate the efficiency of the new key recovery algorithms, we apply them to Serpent, AES-192, CRAFT, SKINNY, and Deoxys-BC-256 based on existing distinguishers, yielding a series of improved attacks. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
6. Quantum Truncated Differential and Boomerang Attack
- Author
- Huiqin Xie and Li Yang
- Subjects
- quantum information, quantum cryptanalysis, symmetric cryptography, differential attack, boomerang attack, Mathematics, QA1-939
- Abstract
In order to design quantum-safe block ciphers, it is crucial to investigate the application of quantum algorithms to cryptographic analysis tools. In this study, we use the Bernstein–Vazirani algorithm to enhance truncated differential cryptanalysis and boomerang cryptanalysis. We first propose a quantum algorithm for finding truncated differentials, then rigorously prove that the output truncated differentials must have high differential probability for the vast majority of keys in the key space. Subsequently, based on this algorithm, we design a quantum algorithm for finding boomerang distinguishers. The quantum circuits of the two proposed quantum algorithms contain only polynomial quantum gates and qubits. Compared with classical tools for searching truncated differentials or boomerang distinguishers, the proposed algorithms can maintain the polynomial complexity while fully considering the impact of S-boxes and key scheduling.
- Published
- 2024
- Full Text
- View/download PDF
7. The Triangle Differential Cryptanalysis
- Author
- Xie, Xiaofeng, Tian, Tian, Simpson, Leonie, editor, and Rezazadeh Baee, Mir Ali, editor
- Published
- 2023
- Full Text
- View/download PDF
8. Truncated Boomerang Attacks and Application to AES-Based Ciphers
- Author
- Bariant, Augustin, Leurent, Gaëtan, Hazay, Carmit, editor, and Stam, Martijn, editor
- Published
- 2023
- Full Text
- View/download PDF
9. Automatic boomerang attacks search on Rijndael
- Author
- Rouquette Loïc, Minier Marine, and Solnon Christine
- Subjects
- boomerang attack, constraint programming, automatic tools, rijndael, 94a60, 90c27, 90c30, Mathematics, QA1-939
- Abstract
Boomerang attacks were introduced in 1999 by Wagner (The boomerang attack. In: Knudsen LR, editor. FSE'99. vol. 1636 of LNCS. Heidelberg: Springer; 1999. p. 156–70) as a powerful tool in differential cryptanalysis of block ciphers, especially dedicated to ciphers with good short differentials. They have been generalized to the related-key case by Biham et al. (Related-key boomerang and rectangle attacks. In: Cramer R, editor. Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22–26, 2005, Proceedings. vol. 3494 of Lecture Notes in Computer Science. Springer; 2005. p. 507–25. doi: 10.1007/11426639_30). In this article, we show how to adapt the model proposed in 2020 by Delaune et al. (Catching the fastest boomerangs application to SKINNY. IACR Trans Symm Cryptol. 2020;2020(4):104–29) for related-key boomerang attacks on the block cipher SKINNY to the Rijndael case. Rijndael is composed of 25 instances that could be seen as generalizations of the Advanced Encryption Standard. We detail our models and present the results we obtain concerning related-key boomerang attacks on Rijndael. Notably, we present a nine-round attack against Rijndael-128-160, which has 11 rounds and beats all previous cryptanalytic results against Rijndael-128-160.
- Published
- 2024
- Full Text
- View/download PDF
10. A Low-Complexity Key-Recovery Attack on 6-Round Midori64.
- Author
- Xie, Xiaofeng and Tian, Tian
- Abstract
In EUROCRYPT 2017, a new structure-difference property, say "a-multiple-of-8" was proposed on 5-round AES. Inspired by the idea, yoyo attacks and mixture differential attacks were proposed yielding new records on data and computational complexities for key-recovery attacks against 5-round AES. In this paper, the authors attempt to apply the idea of mixture differential cryptanalysis to Midori64. Midori is a lightweight block cipher proposed at ASIACRYPT 2015. Although the structure of Midori is similar to AES, the MixColumn matrix of Midori is not MDS. Based on this observation, the authors present a class of deterministic differential trails on 2-round Midori. Then combined with the yoyo trick, a new type of 4-round retracing boomerang distinguishers is obtained on Midori. Based on the new 4-round distinguishers, a key-recovery attack on 6-round Midori64 is given that requires only 2^27 computational complexity, 2^29 chosen plaintexts, 2^20 adaptively chosen ciphertexts. The key-recovery attack has been experimentally verified. [ABSTRACT FROM AUTHOR]
- Published
- 2023
- Full Text
- View/download PDF
11. Optimizing Rectangle Attacks: A Unified and Generic Framework for Key Recovery
- Author
- Song, Ling, Zhang, Nana, Yang, Qianqian, Shi, Danping, Zhao, Jiahao, Hu, Lei, Weng, Jian, Agrawal, Shweta, editor, and Lin, Dongdai, editor
- Published
- 2022
- Full Text
- View/download PDF
12. Parallel Validity Analysis of the Boomerang Attack Model
- Author
- Li, Pei, Tan, Liliu, Yao, Shixiong, Chen, Jiageng, Chen, Jiageng, editor, He, Debiao, editor, and Lu, Rongxing, editor
- Published
- 2022
- Full Text
- View/download PDF
13. Quantum Boomerang Attacks and Some Applications
- Author
- Frixons, Paul, Naya-Plasencia, María, Schrottenloher, André, AlTawy, Riham, editor, and Hülsing, Andreas, editor
- Published
- 2022
- Full Text
- View/download PDF
14. Improved Rectangle and Boomerang Attacks on MIBS-64.
- Author
- LIANG Xuan-Yu, CHEN Yin-Cen, YANG Qian-Qian, and SONG Ling
- Subjects
- RECTANGLES, TIME complexity, BLOCK ciphers, CRYPTOGRAPHY
- Abstract
MIBS is a lightweight block cipher proposed by Izadi et al. in 2009, which has two variants: MIBS-64 and MIBS-80. In 2019, Chen et al. performed a key recovery attack on 15-round MIBS-64 based on a 13-round Rectangle distinguisher, and the time, data, and memory complexity (T; D; M) of the attack equal (2^59; 2^45; 2^45). Based on Chen et al.'s attack, this paper further investigates the ability of MIBS-64 to resist Rectangle and Boomerang attacks. By exploiting the fact that differences propagate through a linear layer deterministically, the time complexity of the 15-round Rectangle attack can be reduced from 2^59 to 2^47. In order to make a deeper analysis of MIBS, this paper adopts the new key recovery algorithms recently proposed by Song et al. for Boomerang attacks, and then constructs key recovery attacks on 15 and 16 rounds of MIBS whose complexities are (2^38; 2^37; 2^36) and (2^60; 2^60; 2^30) respectively. The results of this paper update the cryptanalysis results of MIBS-64 under Boomerang and Rectangle attacks and propose the first 16-round attack on MIBS-64. [ABSTRACT FROM AUTHOR]
- Published
- 2023
- Full Text
- View/download PDF
15. New results on quantum boomerang attacks.
- Author
- Zou, Hongkai, Zou, Jian, and Luo, Yiyuan
- Subjects
- BLOCK ciphers, ALGORITHMS
- Abstract
At SAC 2021, Frixons et al. proposed quantum boomerang attacks that can effectively recover the keys of block ciphers in the quantum setting. Based on their work, we further consider how to quantize the generic boomerang attacks proposed by Biham et al. at FSE 2002, so as to obtain more generic quantum boomerang attacks. Similar to Frixons et al.'s work, we only consider quantum key recovery attacks in the single-key setting. With the help of some famous quantum algorithms, this paper presents two methods to convert the attacks of Biham et al. into some new quantum key recovery attacks. In order to prove our methods, we apply our new ideas to attack Serpent-256 and ARIA-196. To sum up, for Serpent-256, we give valid 9-round and 10-round quantum key recovery attacks respectively. The quantum time complexities of the 9-round and 10-round attacks on Serpent-256 are 2^115.43 and 2^126.6 respectively. Furthermore, we show a valid quantum key attack on 6-round ARIA-196 which has a time complexity of 2^89.8 with negligible memory. The time complexities of the above quantum attacks are better than the corresponding classical attacks and the quantum generic key recovery attack via Grover's algorithm. [ABSTRACT FROM AUTHOR]
- Published
- 2023
- Full Text
- View/download PDF
16. On Boomerang Attacks on Quadratic Feistel Ciphers
- Author
- Xavier Bonnetain and Virginie Lallemand
- Subjects
- Boomerang attack, Automatic tool, Feistel cipher, KATAN, Simon, Computer engineering. Computer hardware, TK7885-7895
- Abstract
The recent introduction of the Boomerang Connectivity Table (BCT) at Eurocrypt 2018 revived interest in boomerang cryptanalysis and in the need to correctly build boomerang distinguishers. Several important advances have been made on this matter, with in particular the study of the extension of the BCT theory to multiple rounds and to different types of ciphers. In this paper, we pursue these investigations by studying the specific case of quadratic Feistel ciphers, motivated by the need to look at two particularly lightweight ciphers, KATAN and Simon. Our analysis shows that their light round function leads to an extreme case, as a one-round boomerang can only have a probability of 0 or 1. We identify six papers presenting boomerang analyses of KATAN or Simon and all use the naive approach to compute the distinguisher’s probability. We are able to prove that several results are theoretically incorrect and we run experiments to check the probability of the others. Many do not have the claimed probability: it fails distinguishing in some cases, but we also identify instances where the experimental probability turns out to be better than the claimed one. To address this shortfall, we propose an SMT model taking into account the boomerang constraints. We present several experimentally-verified related-key distinguishers obtained with our new technique: on KATAN32 a 151-round boomerang and on Simon-32/64 a 17-round boomerang, a 19-round rotational-xor boomerang and a 15-round rotational-xor-differential boomerang. Furthermore, we extend our 19-round distinguisher into a 25-round rotational-xor rectangle attack on Simon-32/64. To the best of our knowledge this attack reaches one more round than previously published results.
- Published
- 2023
- Full Text
- View/download PDF
17. Improved (Related-key) Differential Cryptanalysis on GIFT
- Author
- Ji, Fulei, Zhang, Wentao, Zhou, Chunning, Ding, Tianyou, Dunkelman, Orr, editor, Jacobson, Jr., Michael J., editor, and O'Flynn, Colin, editor
- Published
- 2021
- Full Text
- View/download PDF
18. POSTER: Resistance Analysis of Two AES-Like Against the Boomerang Attack
- Author
- Debesse, Laetitia, Mesnager, Sihem, Msahli, Mounira, Zhou, Jianying, editor, Ahmed, Chuadhry Mujeeb, editor, Batina, Lejla, editor, Chattopadhyay, Sudipta, editor, Gadyatskaya, Olga, editor, Jin, Chenglu, editor, Lin, Jingqiang, editor, Losiouk, Eleonora, editor, Luo, Bo, editor, Majumdar, Suryadipta, editor, Maniatakos, Mihalis, editor, Mashima, Daisuke, editor, Meng, Weizhi, editor, Picek, Stjepan, editor, Shimaoka, Masaki, editor, Su, Chunhua, editor, and Wang, Cong, editor
- Published
- 2021
- Full Text
- View/download PDF
19. New Properties of the Double Boomerang Connectivity Table
- Author
- Qianqian Yang, Ling Song, Siwei Sun, Danping Shi, and Lei Hu
- Subjects
- boomerang attack, DBCT, cluster, CRAFT, TweAES, Deoxys-BC, Computer engineering. Computer hardware, TK7885-7895
- Abstract
The double boomerang connectivity table (DBCT) is a new table proposed recently to capture the behavior of two consecutive S-boxes in boomerang attacks. In this paper, we observe an interesting property of DBCT of S-box that the ladder switch and the S-box switch happen in most cases for two continuous S-boxes, and for some S-boxes only S-box switch and ladder switch are possible. This property implies an additional criterion for S-boxes to resist the boomerang attacks and provides as well a new evaluation direction for an S-box. Using an extension of the DBCT, we verify that some boomerang distinguishers of TweAES and Deoxys are flawed. On the other hand, inspired by the property, we put forward a formula for estimating boomerang cluster probabilities. Furthermore, we introduce the first model to search for boomerang distinguishers with good cluster probabilities. Applying the model to CRAFT, we obtain 9-round and 10-round boomerang distinguishers with a higher probability than that of previous works.
- Published
- 2022
- Full Text
- View/download PDF
20. Survey on recent trends towards generalized differential and boomerang uniformities.
- Author
- Mesnager, Sihem, Mandal, Bimal, and Msahli, Mounira
- Abstract
Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block and stream ciphers and cryptographic hash functions. The discovery of differential cryptanalysis is generally attributed to Biham and Shamir in the late 1980s, who published several attacks against various block ciphers and hash functions, including a theoretical weakness in the Data Encryption Standard (DES). Boomerang cryptanalysis is a method for the cryptanalysis of block ciphers based on differential cryptanalysis. It was invented by Wagner in (FSE, LNCS 1636, 156–170, 1999) and has allowed new avenues of attack for many ciphers previously deemed safe from differential cryptanalysis. Differential and boomerang uniformities are crucial tools to handle and analyze vectorial functions (designated by substitution boxes, or briefly S-boxes in the context of symmetric cryptography) to resist differential and boomerang attacks, respectively. Ellingsen et al. (IEEE Transactions on Information Theory 66(9), 2020) introduced a new variant of differential uniformity, called c-differential uniformity (where c is a non-zero element of a finite field of characteristic p), of p-ary (n, m)-function for any prime p obtained by extending the well-known derivative of vectorial functions into the (multiplicative) c-derivative. Later, Stănică [Discrete Applied Mathematics, 2021] introduced the notion of c-boomerang uniformity. Both c-differential and c-boomerang uniformities have been extended to the idea of simple differential and boomerang uniformities, respectively, which are recovered when c equals 1. This survey paper combines the known results on this new concept of differential and boomerang uniformities and analyzes their possible cryptographic applications. This survey presents an overview of these significant concepts that might have greater implications for future theoretical research on this subject and applied perspectives in symmetric cryptography and related topics. Along with the paper, we analyze these discoveries and the results provided synthetically. The article intends to help readers explore further avenues in this promising and emerging direction of research. At the end of the article, we present more than nine lines of perspectives and research directions to benefit symmetric cryptography and other related domains such as combinatorial theory (namely, graph theory). [ABSTRACT FROM AUTHOR]
- Published
- 2022
- Full Text
- View/download PDF
21. Automatic Search of Rectangle Attacks on Feistel Ciphers: Application to WARP
- Author
- Virginie Lallemand, Marine Minier, and Loïc Rouquette
- Subjects
- Cryptanalysis, Feistel cipher, Boomerang attack, WARP, Computer engineering. Computer hardware, TK7885-7895
- Abstract
In this paper we present a boomerang analysis of WARP, a recently proposed Generalized Feistel Network with extremely compact hardware implementations. We start by looking for boomerang characteristics that directly take into account the boomerang switch effects by showing how to adapt Delaune et al. automated tool to the case of Feistel ciphers, and discuss several improvements to keep the execution time reasonable. This technique returns a 23-round distinguisher of probability 2^-124, which becomes the best distinguisher presented on WARP so far. We then look for an attack by adding the key recovery phase to our model and we obtain a 26-round rectangle attack with time and data complexities of 2^115.9 and 2^120.6 respectively, again resulting in the best result presented so far. Incidentally, our analysis discloses how an attacker can take advantage of the position of the key addition (put after the S-box application to avoid complementation properties), which in our case offers an improvement of a factor of 2^75 of the time complexity in comparison to a variant with the key addition positioned before. Note that our findings do not threaten the security of the cipher which iterates 41 rounds.
- Published
- 2022
- Full Text
- View/download PDF
22. A Formal Analysis of Boomerang Probabilities
- Author
- Andreas B. Kidmose and Tyge Tiessen
- Subjects
- boomerang attack, cryptanalysis, independence, Serpent, Computer engineering. Computer hardware, TK7885-7895
- Abstract
In the past 20 years since their conception, boomerang attacks have become an important tool in the cryptanalysis of block ciphers. In the classical estimate of their success probability, assumptions are made about the independence of the underlying differential trails that are not well-founded. We underline the problems inherent in these independence assumptions by using them to prove that for any boomerang there exists a differential trail over the entire cipher with a higher probability than the boomerang. While cryptanalysts today have a clear understanding that the trails can be dependent, the focus of previous research has mostly gone into using these dependencies to improve attacks but little effort has been put into giving boomerangs and their success probabilities a stronger theoretical underpinning. With this publication, we provide such a formalization. We provide a framework which allows us to formulate and prove rigorous statements about the probabilities involved in boomerang attacks without relying on independence assumptions of the trails. Among these statements is a proof that two-round boomerangs on SPNs with differentially 4-uniform S-boxes always deviate from the classical probability estimate to the largest degree possible. We applied the results of this formalization to analyze the validity of some of the first boomerang attacks. We show that the boomerang constructed in the amplified boomerang attack on Serpent by Kelsey, Kohno, and Schneier has probability zero. For the rectangle attack on Serpent by Dunkelman, Biham, and Keller, we demonstrate that a minuscule fraction of only 2^-43.4 of all differential trail combinations used in the original attack have a non-zero probability. In spite of this, the probability of the boomerang is in fact a little higher than the original estimate suggests as the non-zero trails have a vastly higher probability than the classical estimate predicts.
- Published
- 2022
- Full Text
- View/download PDF
23. Improved Related-Tweakey Boomerang Attacks on Deoxys-BC
- Author
- Sasaki, Yu, Joux, Antoine, editor, Nitaj, Abderrahmane, editor, and Rachidi, Tajjeeddine, editor
- Published
- 2018
- Full Text
- View/download PDF
24. Boomerang Connectivity Table: A New Cryptanalysis Tool
- Author
- Cid, Carlos, Huang, Tao, Peyrin, Thomas, Sasaki, Yu, Song, Ling, Nielsen, Jesper Buus, editor, and Rijmen, Vincent, editor
- Published
- 2018
- Full Text
- View/download PDF
25. On the Feistel Counterpart of the Boomerang Connectivity Table
- Author
- Hamid Boukerrou, Paul Huynh, Virginie Lallemand, Bimal Mandal, and Marine Minier
- Subjects
- Cryptanalysis, Feistel cipher, Boomerang attack, Boomerang switch, Computer engineering. Computer hardware, TK7885-7895
- Abstract
At Eurocrypt 2018, Cid et al. introduced the Boomerang Connectivity Table (BCT), a tool to compute the probability of the middle round of a boomerang distinguisher from the description of the cipher's Sbox(es). Their new table and the following works led to a refined understanding of boomerangs, and resulted in a series of improved attacks. Still, these works only addressed the case of Substitution Permutation Networks, and completely left out the case of ciphers following a Feistel construction. In this article, we address this lack by introducing the FBCT, the Feistel counterpart of the BCT. We show that the coefficient at row Δi, column ∇o corresponds to the number of times the second order derivative at points (Δi, ∇o) cancels out. We explore the properties of the FBCT and compare it to what is known on the BCT. Taking matters further, we show how to compute the probability of a boomerang switch over multiple rounds with a generic formula.
- Published
- 2020
- Full Text
- View/download PDF
26. On the boomerang uniformity of some permutation polynomials.
- Author
- Calderini, Marco and Villa, Irene
- Abstract
The boomerang attack, introduced by Wagner in 1999, is a cryptanalysis technique against block ciphers based on differential cryptanalysis. In particular it takes into consideration two differentials, one for the upper part of the cipher and one for the lower part, and it exploits the dependency of these two differentials. At Eurocrypt'18, Cid et al. introduced a new tool, called the Boomerang Connectivity Table (BCT), that permits to simplify this analysis. Next, Boura and Canteaut introduced an important parameter for cryptographic S-boxes called boomerang uniformity, that is the maximum value in the BCT. Very recently, the boomerang uniformity of some classes of permutations (in particular quadratic functions) have been studied by Li, Qu, Sun and Li, and by Mesnager, Tang and Xiong. In this paper we further study the boomerang uniformity of some non-quadratic differentially 4-uniform functions. In particular, we consider the case of the Bracken-Leander cubic function and three classes of 4-uniform functions constructed by Li, Wang and Yu, obtained from modifying the inverse functions. [ABSTRACT FROM AUTHOR]
- Published
- 2020
- Full Text
- View/download PDF
27. On the boomerang uniformity of quadratic permutations.
- Author
- Mesnager, Sihem, Tang, Chunming, and Xiong, Maosheng
- Subjects
- PERMUTATIONS, BLOCK ciphers, UNIFORMITY, BOOLEAN functions
- Abstract
At Eurocrypt'18, Cid, Huang, Peyrin, Sasaki, and Song introduced a new tool called Boomerang Connectivity Table (BCT) for measuring the resistance of a block cipher against the boomerang attack which is an important cryptanalysis technique introduced by Wagner in 1999 against block ciphers. Next, Boura and Canteaut introduced an important parameter related to the BCT for cryptographic S-boxes called boomerang uniformity. The purpose of this paper is to present a brief state-of-the-art on the notion of boomerang uniformity of vectorial Boolean functions (or S-boxes) and provide new results. More specifically, we present a slightly different but more convenient formulation of the boomerang uniformity and prove some new identities. Moreover, we focus on quadratic permutations in even dimension and obtain general criteria by which they have optimal BCT. As a consequence of the new criteria, two previously known results can be derived, and many new quadratic permutations with optimal BCT (optimal means that the maximal value in the Boomerang Connectivity Table equals the lowest known differential uniformity) can be found. In particular, we show that the boomerang uniformity of the binomial differentially 4-uniform permutations presented by Bracken, Tan, and Tan equals 4. Furthermore, we show a link between the boomerang uniformity and the nonlinearity for some special quadratic permutations. Finally, we present a characterization of quadratic permutations with boomerang uniformity 4. With this characterization, we show that the boomerang uniformity of a quadratic permutation with boomerang uniformity 4 is preserved by the extended affine (EA) equivalence. [ABSTRACT FROM AUTHOR]
- Published
- 2020
- Full Text
- View/download PDF
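Added worked example (not code from any of the papers listed; the function names and the two sample S-boxes are this example's own choices): the tables that items 24 to 27 are about, computed for 4-bit S-boxes. ddt() is the classical difference distribution table; bct() is the Boomerang Connectivity Table of Cid et al., whose entry (a, b) counts the inputs x for which a one-round boomerang with input difference a and output difference b returns; fbct() is the Feistel counterpart of Boukerrou et al., counting where the second-order derivative of the round function vanishes; the boomerang uniformity of Boura and Canteaut is the largest BCT entry outside the trivial row and column. The PRESENT S-box and the inverse mapping over GF(2^4) are constructed sample inputs.

```python
"""DDT, BCT, FBCT and the derived uniformities for small S-boxes.

Illustrative code written for this listing, not taken from any cited paper.
Definitions follow Cid et al. (BCT), Boura and Canteaut (boomerang
uniformity) and Boukerrou et al. (FBCT)."""


def ddt(sbox):
    """Difference Distribution Table: DDT[a][b] = #{x : S(x) ^ S(x ^ a) = b}."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for a in range(n):
        for x in range(n):
            table[a][sbox[x] ^ sbox[x ^ a]] += 1
    return table


def bct(sbox):
    """Boomerang Connectivity Table:
    BCT[a][b] = #{x : S^-1(S(x) ^ b) ^ S^-1(S(x ^ a) ^ b) = a}.
    Needs S^-1, so the S-box must be a permutation."""
    n = len(sbox)
    if sorted(sbox) != list(range(n)):
        raise ValueError("BCT is only defined for bijective S-boxes")
    inv = [0] * n
    for x, y in enumerate(sbox):
        inv[y] = x
    table = [[0] * n for _ in range(n)]
    for a in range(n):
        for b in range(n):
            table[a][b] = sum(
                1 for x in range(n)
                if inv[sbox[x] ^ b] ^ inv[sbox[x ^ a] ^ b] == a)
    return table


def fbct(f):
    """Feistel Boomerang Connectivity Table:
    FBCT[a][b] = #{x : f(x) ^ f(x ^ a) ^ f(x ^ b) ^ f(x ^ a ^ b) = 0},
    the number of points where the second-order derivative of the round
    function f in directions (a, b) cancels.  f need not be bijective."""
    n = len(f)
    table = [[0] * n for _ in range(n)]
    for a in range(n):
        for b in range(n):
            table[a][b] = sum(
                1 for x in range(n)
                if f[x] ^ f[x ^ a] ^ f[x ^ b] ^ f[x ^ a ^ b] == 0)
    return table


def uniformity(table):
    """Largest entry outside the trivial row a = 0 and column b = 0."""
    n = len(table)
    return max(table[a][b] for a in range(1, n) for b in range(1, n))


def differential_uniformity(sbox):
    return uniformity(ddt(sbox))


def boomerang_uniformity(sbox):
    return uniformity(bct(sbox))


# Constructed sample inputs: the PRESENT S-box ...
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def gf16_mul(a, b):
    """Multiplication in GF(2^4) modulo x^4 + x + 1."""
    r = 0
    for _ in range(4):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x10:
            a ^= 0x13
    return r


# ... and the 4-bit inverse mapping x -> x^-1 (0 -> 0), the small-field
# analogue of the AES S-box core.
INV4_SBOX = [0] + [next(y for y in range(1, 16) if gf16_mul(x, y) == 1)
                   for x in range(1, 16)]


if __name__ == "__main__":
    for name, s in (("PRESENT", PRESENT_SBOX), ("GF(2^4) inverse", INV4_SBOX)):
        print(f"{name}: differential uniformity {differential_uniformity(s)}, "
              f"boomerang uniformity {boomerang_uniformity(s)}")
```

Sanity properties worth checking on any S-box you feed in, all of which follow directly from the definitions: row a = 0 and column b = 0 of the BCT are all 2^n; every BCT entry is at least the DDT entry at the same position (an x satisfying the differential also satisfies the boomerang equation), so boomerang uniformity is never below differential uniformity; BCT entries are even, because x and x ^ a are solutions together; and FBCT rows a = 0, columns b = 0 and the diagonal a = b are all 2^n. Both sample S-boxes are differentially 4-uniform.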
28. Improved (related-key) Attacks on Round-Reduced KATAN-32/48/64 Based on the Extended Boomerang Framework
- Author
-
Chen, Jiageng, Teh, Je Sen, Su, Chunhua, Samsudin, Azman, Fang, Junbin, Liu, Joseph K., editor, and Steinfeld, Ron, editor
- Published
- 2016
- Full Text
- View/download PDF
29. Boomerang Attack on Step-Reduced SHA-512
- Author
-
Yu, Hongbo, Bai, Dongxia, Lin, Dongdai, editor, Yung, Moti, editor, and Zhou, Jianying, editor
- Published
- 2015
- Full Text
- View/download PDF
30. The Boomerang Attacks on BLAKE and BLAKE2
- Author
-
Hao, Yonglin, Lin, Dongdai, editor, Yung, Moti, editor, and Zhou, Jianying, editor
- Published
- 2015
- Full Text
- View/download PDF
31. A Security Analysis of Deoxys and its Internal Tweakable Block Ciphers
- Author
-
Carlos Cid, Tao Huang, Thomas Peyrin, Yu Sasaki, and Ling Song
- Subjects
Deoxys-BC ,AES ,authenticated encryption ,block cipher ,differential cryptanalysis ,boomerang attack ,MILP ,linear incompatibility ,ladder switch ,Computer engineering. Computer hardware ,TK7885-7895 - Abstract
In this article, we provide the first independent security analysis of Deoxys, a third-round authenticated encryption candidate of the CAESAR competition, and its internal tweakable block ciphers Deoxys-BC-256 and Deoxys-BC-384. We show that the related-tweakey differential bounds provided by the designers can be greatly improved thanks to a Mixed Integer Linear Programming (MILP) based search tool. In particular, we develop a new method to incorporate linear incompatibility in the MILP model. We use this tool to generate valid differential paths for reduced-round versions of Deoxys-BC-256 and Deoxys-BC-384, later combining them into broader boomerang or rectangle attacks. Here, we also develop a new MILP model which optimises the two paths by taking into account the effect of the ladder switch technique. Interestingly, with the tweak in Deoxys-BC providing extra input as opposed to a classical block cipher, we can even consider beyond-full-codebook attacks. As these primitives are based on the TWEAKEY framework, we further study how the security of the cipher is impacted when playing with the tweak/key sizes. All in all, we are able to attack 10 rounds of Deoxys-BC-256 (out of 14) and 13 rounds of Deoxys-BC-384 (out of 16). The extra rounds specified in Deoxys-BC to balance the tweak input (when compared to AES) seem to provide about the same security margin as AES-128. Finally, we analyse why the authenticated encryption modes of Deoxys mostly prevent our attacks on Deoxys-BC from applying to the authenticated encryption primitive.
- Published
- 2017
- Full Text
- View/download PDF
32. New Related-Tweakey Boomerang and Rectangle Attacks on Deoxys-BC Including BDT Effect
- Author
-
Boxin Zhao, Xiaoyang Dong, and Keting Jia
- Subjects
CAESAR ,Deoxys-BC ,Boomerang Attack ,Rectangle Attack ,TWEAKEY ,Computer engineering. Computer hardware ,TK7885-7895 - Abstract
In the CAESAR competition, Deoxys-I and Deoxys-II are two important authenticated encryption schemes submitted by Jean et al. Recently, Deoxys-II, together with Ascon, ACORN, AEGIS-128, OCB and COLM, has been selected for the final CAESAR portfolio. Notably, Deoxys-II is also the primary choice for the use case "Defense in depth", while Deoxys-I remains one of the third-round candidates of the CAESAR competition. Both Deoxys-I and Deoxys-II adopt Deoxys-BC-256 and Deoxys-BC-384 as their internal tweakable block ciphers. In this paper, we investigate the security of round-reduced Deoxys-BC-256/-384 and Deoxys-I against related-tweakey boomerang and rectangle attacks with some new boomerang distinguishers. For Deoxys-BC-256, we present 10-round related-tweakey boomerang and rectangle attacks for the popular setting (|tweak|, |key|) = (128, 128), which reach one more round than the previous attacks in this setting. Moreover, an 11-round related-tweakey rectangle attack on Deoxys-BC-256 is given for the first time. We also put forward a 13-round related-tweakey boomerang attack in the popular setting (|tweak|, |key|) = (128, 256) for Deoxys-BC-384, while the previous attacks in this setting only work for 12 rounds at most. In addition, the first 14-round related-tweakey rectangle attack on Deoxys-BC-384 is given when (|tweak| < 98, |key| > 286), which attacks one more round than before. Besides, we give the first 10-round rectangle attack on the authenticated encryption mode Deoxys-I-128-128, one more round than before, and we also reduce the complexity of the related-tweakey rectangle attack on 12-round Deoxys-I-256-128 by a factor of 2^{28}. Our attacks cannot be applied to (round-reduced) Deoxys-II.
- Published
- 2019
- Full Text
- View/download PDF
33. Boomerang Switch in Multiple Rounds. Application to AES Variants and Deoxys
- Author
-
Haoyang Wang and Thomas Peyrin
- Subjects
Boomerang attack ,Switching effect ,BCT ,Boomerang Difference Table ,AES ,Deoxys ,Computer engineering. Computer hardware ,TK7885-7895 - Abstract
The boomerang attack is a cryptanalysis technique that allows an attacker to concatenate two short differential characteristics. Several research results (ladder switch, S-box switch, sandwich attack, Boomerang Connectivity Table (BCT), ...) showed that the dependency between these two characteristics at the switching round can have a significant impact on the complexity of the attack, or even potentially invalidate it. In this paper, we revisit the issue of the boomerang switching effect, and exploit it in the case where multiple rounds are involved. To support our analysis, we propose a tool called Boomerang Difference Table (BDT), which can be seen as an improvement of the BCT and allows a systematic evaluation of the boomerang switch through multiple rounds. In order to illustrate the power of this technique, we propose a new related-key attack on 10-round AES-256 which requires only 2 simple related keys and 2^{75} computations. This is a much more realistic scenario than the state-of-the-art 10-round AES-256 attacks, where subkey oracles, or several related keys and high computational power, are needed. Furthermore, we also provide improved attacks against full AES-192 and reduced-round Deoxys.
- Published
- 2019
- Full Text
- View/download PDF
34. Boomerang Connectivity Table Revisited. Application to SKINNY and AES
- Author
-
Ling Song, Xianrui Qin, and Lei Hu
- Subjects
block cipher ,boomerang attack ,sandwich attack ,boomerang connectivity table ,SKINNY ,AES ,Computer engineering. Computer hardware ,TK7885-7895 - Abstract
The boomerang attack is a variant of differential cryptanalysis which regards a block cipher E as the composition of two sub-ciphers, i.e., E = E1 o E0, and which constructs distinguishers for E with probability p^2 q^2 by combining differential trails for E0 and E1 with probability p and q respectively. However, the validity of this attack relies on the dependency between the two differential trails. Murphy has shown cases where probabilities calculated as p^2 q^2 turn out to be zero, while techniques such as the boomerang switches proposed by Biryukov and Khovratovich give rise to probabilities greater than p^2 q^2. To formalize such dependency and obtain a more accurate estimation of the probability of the distinguisher, Dunkelman et al. proposed the sandwich framework that regards E as Ẽ1 o Em o Ẽ0, where the dependency between the two differential trails is handled by a careful analysis of the probability of the middle part Em. Recently, Cid et al. proposed the Boomerang Connectivity Table (BCT) which unifies the previous switch techniques and incompatibility together and evaluates the probability of Em theoretically when Em is composed of a single S-box layer. In this paper, we revisit the BCT and propose a generalized framework which is able to identify the actual boundaries of Em, which contains the dependency of the two differential trails, and systematically evaluate the probability of Em with any number of rounds. To demonstrate the power of this new framework, we apply it to two block ciphers, SKINNY and AES. In the application to SKINNY, the probabilities of four boomerang distinguishers are re-evaluated. It turns out that Em involves 5 or 6 rounds and the probabilities of the full distinguishers are much higher than previously evaluated. In the application to AES, the new framework is used to exclude incompatibility and find high-probability distinguishers of AES-128 under the related-subkey setting. As a result, a 6-round distinguisher with probability 2^{−109.42} is constructed. Lastly, we discuss the relation between the dependency of two differential trails in boomerang distinguishers and the properties of components of the cipher.
- Published
- 2019
- Full Text
- View/download PDF
35. Automatic Search of Rectangle Attacks on Feistel Ciphers: Application to WARP
- Author
-
Lallemand, Virginie, Minier, Marine, and Rouquette, Loïc (CARAMBA, Inria Nancy - Grand Est / LORIA, Université de Lorraine, CNRS; LIRIS and CITI, INSA Lyon, Université de Lyon); project ANR-18-CE39-0007 DeCrypt (Declarative Language for Symmetric Cryptography, 2018)
- Subjects
Cryptanalysis ,[INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR] ,Computational Mathematics ,Applied Mathematics ,Feistel cipher ,WARP ,Boomerang attack ,Software ,[INFO.INFO-AI]Computer Science [cs]/Artificial Intelligence [cs.AI] ,Computer Science Applications - Abstract
International audience; In this paper we present a boomerang analysis of WARP, a recently proposed Generalized Feistel Network with extremely compact hardware implementations. We start by looking for boomerang characteristics that directly take into account the boomerang switch effects, showing how to adapt the automated tool of Delaune et al. to the case of Feistel ciphers, and discuss several improvements to keep the execution time reasonable. This technique returns a 23-round distinguisher of probability 2^{−124}, which becomes the best distinguisher presented on WARP so far. We then look for an attack by adding the key recovery phase to our model and we obtain a 26-round rectangle attack with time and data complexities of 2^{115.9} and 2^{120.6} respectively, again resulting in the best result presented so far. Incidentally, our analysis discloses how an attacker can take advantage of the position of the key addition (put after the S-box application to avoid complementation properties), which in our case offers an improvement of a factor of 2^{75} in the time complexity in comparison to a variant with the key addition positioned before. Note that our findings do not threaten the security of the cipher, which iterates 41 rounds.
- Published
- 2022
- Full Text
- View/download PDF
36. Formal Analysis of Boomerang Probabilities
- Author
-
Kidmose, Andreas B. and Tiessen, Tyge
- Subjects
Cryptanalysis ,Computational Mathematics ,Boomerang attack ,Applied Mathematics ,Independence ,Serpent ,Software ,Computer Science Applications - Abstract
In the past 20 years since their conception, boomerang attacks have become an important tool in the cryptanalysis of block ciphers. In the classical estimate of their success probability, assumptions are made about the independence of the underlying differential trails that are not well-founded. We underline the problems inherent in these independence assumptions by using them to prove that for any boomerang there exists a differential trail over the entire cipher with a higher probability than the boomerang. While cryptanalysts today have a clear understanding that the trails can be dependent, the focus of previous research has mostly gone into using these dependencies to improve attacks, but little effort has been put into giving boomerangs and their success probabilities a stronger theoretical underpinning. With this publication, we provide such a formalization. We provide a framework which allows us to formulate and prove rigorous statements about the probabilities involved in boomerang attacks without relying on independence assumptions of the trails. Among these statements is a proof that two-round boomerangs on SPNs with differentially 4-uniform S-boxes always deviate from the classical probability estimate to the largest degree possible. We applied the results of this formalization to analyze the validity of some of the first boomerang attacks. We show that the boomerang constructed in the amplified boomerang attack on Serpent by Kelsey, Kohno, and Schneier has probability zero. For the rectangle attack on Serpent by Dunkelman, Biham, and Keller, we demonstrate that a minuscule fraction of only 2^{−43.4} of all differential trail combinations used in the original attack have a non-zero probability. In spite of this, the probability of the boomerang is in fact a little higher than the original estimate suggests, as the non-zero trails have a vastly higher probability than the classical estimate predicts.
- Published
- 2022
- Full Text
- View/download PDF
37. Differential Cryptanalysis and Boomerang Cryptanalysis of LBlock
- Author
-
Chen, Jiageng, Miyaji, Atsuko, Cuzzocrea, Alfredo, editor, Kittl, Christian, editor, Simos, Dimitris E., editor, Weippl, Edgar, editor, and Xu, Lida, editor
- Published
- 2013
- Full Text
- View/download PDF
38. Related-Key Boomerang Attacks on KATAN32/48/64
- Author
-
Isobe, Takanori, Sasaki, Yu, Chen, Jiageng, Boyd, Colin, editor, and Simpson, Leonie, editor
- Published
- 2013
- Full Text
- View/download PDF
39. Improved Boomerang Attacks on SM3
- Author
-
Bai, Dongxia, Yu, Hongbo, Wang, Gaoli, Wang, Xiaoyun, Boyd, Colin, editor, and Simpson, Leonie, editor
- Published
- 2013
- Full Text
- View/download PDF
40. The Boomerang Attacks on the Round-Reduced Skein-512
- Author
-
Yu, Hongbo, Chen, Jiazhe, Wang, Xiaoyun, Knudsen, Lars R., editor, and Wu, Huapeng, editor
- Published
- 2013
- Full Text
- View/download PDF
41. Boomerang and Slide-Rotational Analysis of the SM3 Hash Function
- Author
-
Kircanski, Aleksandar, Shen, Yanzhao, Wang, Gaoli, Youssef, Amr M., Knudsen, Lars R., editor, and Wu, Huapeng, editor
- Published
- 2013
- Full Text
- View/download PDF
42. On the Boomerang Uniformity of Cryptographic Sboxes
- Author
-
Christina Boura and Anne Canteaut
- Subjects
Sbox ,Boomerang Connectivity Table ,Boomerang attack ,Boomerang uniformity ,Computer engineering. Computer hardware ,TK7885-7895 - Abstract
The boomerang attack is a cryptanalysis technique against block ciphers which combines two differentials for the upper part and the lower part of the cipher. The dependency between these two differentials then highly affects the complexity of the attack and all its variants. Recently, Cid et al. introduced at Eurocrypt'18 a new tool, called the Boomerang Connectivity Table (BCT), that simplifies this complexity analysis by storing and unifying the different switching probabilities of the cipher's Sbox in one table. In this seminal paper a brief analysis of the properties of these tables is provided and some open questions are raised. In particular, it asks whether Sboxes with optimal BCTs exist for even dimensions, where optimal means that the maximal value in the BCT equals the lowest known differential uniformity. When the dimension is even and differs from 6, such optimal Sboxes correspond to permutations such that the maximal value in their DDT and in their BCT equals 4 (unless APN permutations for such dimensions exist). We provide in this work a more in-depth analysis of boomerang connectivity tables, by studying more closely differentially 4-uniform Sboxes. We first completely characterize the BCT of all differentially 4-uniform permutations of 4 bits and then study these objects for some cryptographically relevant families of Sboxes, such as the inverse function and quadratic permutations. These two families provide us with the first examples of differentially 4-uniform Sboxes optimal against boomerang attacks for an even number of variables, answering the above open question.
- Published
- 2018
- Full Text
- View/download PDF
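The definitions used in the abstracts of entries 34 and 42 above (the BCT as the exact probability that a boomerang returns through a single S-box layer, and boomerang uniformity as the largest non-trivial BCT entry) are easy to check on a concrete S-box. The following Python is an added example written for this page, not code from any of the listed papers. It takes the 4-bit PRESENT S-box (the table from the PRESENT specification, chosen here only as a convenient, well-known input) and computes its DDT and BCT and both uniformities, then compares, for a few difference pairs, the classical p^2 estimate of the single-S-box boomerang with the exact BCT value.

```python
"""Added example: DDT, BCT and the two uniformity measures of a 4-bit S-box.

Not code from any paper listed on this page; it applies the textbook
definitions (DDT, Cid et al.'s BCT, Boura-Canteaut's boomerang uniformity)
to the PRESENT S-box, which is used here only as a concrete input.
"""
from fractions import Fraction
from typing import List, Tuple

# PRESENT S-box as given in the PRESENT specification; any n-bit
# permutation stored as a list of 2^n values works with the functions below.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

Table = List[List[int]]


def inverse(sbox: List[int]) -> List[int]:
    """Inverse permutation; rejects tables that are not bijections."""
    inv = [-1] * len(sbox)
    for x, y in enumerate(sbox):
        if inv[y] != -1:
            raise ValueError("S-box is not a permutation")
        inv[y] = x
    return inv


def ddt(sbox: List[int]) -> Table:
    """DDT[a][b] = #{x : S(x) ^ S(x ^ a) = b}."""
    n = len(sbox)
    t = [[0] * n for _ in range(n)]
    for a in range(n):
        for x in range(n):
            t[a][sbox[x] ^ sbox[x ^ a]] += 1
    return t


def bct(sbox: List[int]) -> Table:
    """BCT[a][b] = #{x : S^-1(S(x) ^ b) ^ S^-1(S(x ^ a) ^ b) = a}.

    Counts the inputs x for which a boomerang through one S-box layer comes
    back: encrypt x and x ^ a, XOR the output difference b onto both results,
    decrypt, and check that the two decrypted values again differ by a.
    """
    n = len(sbox)
    inv = inverse(sbox)
    t = [[0] * n for _ in range(n)]
    for a in range(n):
        for b in range(n):
            for x in range(n):
                if inv[sbox[x] ^ b] ^ inv[sbox[x ^ a] ^ b] == a:
                    t[a][b] += 1
    return t


def uniformity(table: Table) -> int:
    """Largest entry outside the trivial row a = 0 and column b = 0.

    On a DDT this is the differential uniformity, on a BCT the boomerang
    uniformity (column b = 0 of a BCT is always full and must be skipped).
    """
    n = len(table)
    return max(table[a][b] for a in range(1, n) for b in range(1, n))


def classical_vs_bct(sbox: List[int], a: int, b: int) -> Tuple[Fraction, Fraction]:
    """Probability that a boomerang with input difference a and output
    difference b returns through one S-box layer.

    First value: the classical p^2 q^2 estimate with the S-box as the upper
    trail (p = DDT[a][b] / 2^n) and nothing below it (q = 1).
    Second value: the exact probability BCT[a][b] / 2^n.
    """
    n = len(sbox)
    p = Fraction(ddt(sbox)[a][b], n)
    return p * p, Fraction(bct(sbox)[a][b], n)


if __name__ == "__main__":
    d, t = ddt(PRESENT_SBOX), bct(PRESENT_SBOX)
    print("differential uniformity:", uniformity(d))
    print("boomerang uniformity:   ", uniformity(t))
    for a, b in [(1, 9), (1, 2), (1, 5)]:
        est, exact = classical_vs_bct(PRESENT_SBOX, a, b)
        print(f"(a,b)=({a:#x},{b:#x}): DDT={d[a][b]:2d} BCT={t[a][b]:2d} "
              f"classical p^2={est} exact={exact}")
```

Running it shows both effects the abstracts describe. For (a, b) = (1, 9) the classical estimate (1/4)^2 = 1/16 underestimates the exact 1/4, and for (a, b) = (1, 5) the differential 1 → 5 has DDT entry 0 yet the boomerang comes back for every one of the 16 inputs, so the PRESENT S-box has boomerang uniformity 16 although its differential uniformity is 4. Two identities that hold for every permutation make good sanity checks on any BCT implementation: BCT[a][b] ≥ DDT[a][b] entrywise (inputs that satisfy the differential always return), and the BCT of S^{-1} is the transpose of the BCT of S.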
43. Boomerang Distinguishers for Full HAS-160 Compression Function
- Author
-
Sasaki, Yu, Wang, Lei, Takasaki, Yasuhiro, Sakiyama, Kazuo, Ohta, Kazuo, Hanaoka, Goichiro, editor, and Yamauchi, Toshihiro, editor
- Published
- 2012
- Full Text
- View/download PDF
44. Boomerang Distinguishers on MD4-Family: First Practical Results on Full 5-Pass HAVAL
- Author
-
Sasaki, Yu, Miri, Ali, editor, and Vaudenay, Serge, editor
- Published
- 2012
- Full Text
- View/download PDF
45. Boomerang Attacks on Hash Function Using Auxiliary Differentials
- Author
-
Leurent, Gaëtan, Roy, Arnab, and Dunkelman, Orr, editor
- Published
- 2012
- Full Text
- View/download PDF
46. A Related-Key Attack on Block Ciphers with Weak Recurrent Key Schedules
- Author
-
Pudovkina, Marina, Garcia-Alfaro, Joaquin, editor, and Lafourcade, Pascal, editor
- Published
- 2012
- Full Text
- View/download PDF
47. Boomerang Attacks on BLAKE-32
- Author
-
Biryukov, Alex, Nikolić, Ivica, Roy, Arnab, and Joux, Antoine, editor
- Published
- 2011
- Full Text
- View/download PDF
48. Improving the Scalability and Reusability of Differential Cryptanalysis Models Using Constraint Programming (original title: Amélioration du passage à l'échelle et de la réutilisabilité des modèles de cryptanalyse différentielle à l'aide de la programmation par contraintes)
- Author
-
Rouquette, Loïc (LIRIS, INSA Lyon, Université de Lyon; CHROMA, Inria Grenoble - Rhône-Alpes / CITI, Inria Lyon); PhD thesis, INSA de Lyon, Christine Solnon, Marine Minier; project ANR-18-CE39-0007 DeCrypt (Declarative Language for Symmetric Cryptography, AAPG 2018)
- Subjects
Boomerang attack ,AES ,Informatics ,Differential cryptanalysis ,[INFO.INFO-RO]Computer Science [cs]/Operations Research [cs.RO] ,WARP ,Feistel network ,WARP cipher ,CP ,Midori ,Rijndael ,Constraint programming ,[MATH.MATH-CO]Mathematics [math]/Combinatorics [math.CO] ,Cryptography ,AES cipher ,Feistel cipher ,[INFO.INFO-CR] Computer Science [cs]/Cryptography and Security [cs.CR] - Abstract
In this thesis, we are interested in the use of constraint programming (CP) for solving differential cryptanalysis problems. In particular, we are interested in differential (related- or single-key) characteristic search problems for the symmetric encryption algorithms Rijndael, AES and Midori. We have also modelled boomerang attacks for Rijndael and generalized this method to Feistel schemes. This new modelling has been tested on the WARP, Twine and LBlock-s ciphers. To solve these different problems, we have proposed new techniques combining SAT and CP solvers. We have also introduced a new global constraint to more efficiently propagate a set of XOR constraints when searching for truncated differential characteristics. These new models have allowed us to improve the performance of existing solutions and to discover new distinguishers for WARP (23 rounds), Twine (15 and 16 rounds) and LBlock-s (16 rounds). We also found new attacks on Rijndael (9 rounds with the 128-160 version, 12 rounds with the 128-224 and 160-256 versions) and on WARP (26 rounds).
- Published
- 2022
49. New Boomerang Attacks on ARIA
- Author
-
Fleischmann, Ewan, Forler, Christian, Gorski, Michael, Lucks, Stefan, Gong, Guang, editor, and Gupta, Kishan Chand, editor
- Published
- 2010
- Full Text
- View/download PDF
50. A Practical-Time Related-Key Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony
- Author
-
Dunkelman, Orr, Keller, Nathan, Shamir, Adi, and Rabin, Tal, editor
- Published
- 2010
- Full Text
- View/download PDF