Boomerang switch in multiple rounds. Application to AES variants and deoxys

The boomerang attack is a cryptanalysis technique that allows an attacker to concatenate two short differential characteristics. Several research results (ladder switch, S-box switch, sandwich attack, Boomerang Connectivity Table (BCT), ...) showed that the dependency between these two characteristi...

Full description

Saved in:
Bibliographic Details
Main Authors: Wang, Haoyang, Peyrin, Thomas
Other Authors: School of Physical and Mathematical Sciences
Format: Article
Language:English
Published: 2019
Subjects:
Online Access:https://hdl.handle.net/10356/104757
http://hdl.handle.net/10220/49459
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
id sg-ntu-dr.10356-104757
record_format dspace
spelling sg-ntu-dr.10356-1047572020-09-26T22:19:05Z Boomerang switch in multiple rounds. Application to AES variants and deoxys Wang, Haoyang Peyrin, Thomas School of Physical and Mathematical Sciences Temasek Laboratories DRNTU::Science::Mathematics Boomerang Attack Switching Effect The boomerang attack is a cryptanalysis technique that allows an attacker to concatenate two short differential characteristics. Several research results (ladder switch, S-box switch, sandwich attack, Boomerang Connectivity Table (BCT), ...) showed that the dependency between these two characteristics at the switching round can have a significant impact on the complexity of the attack, or even potentially invalidate it. In this paper, we revisit the issue of boomerang switching effect, and exploit it in the case where multiple rounds are involved. To support our analysis, we propose a tool called Boomerang Difference Table (BDT), which can be seen as an improvement of the BCT and allows a systematic evaluation of the boomerang switch through multiple rounds. In order to illustrate the power of this technique, we propose a new related-key attack on 10-round AES-256 which requires only 2 simple related-keys and 275 computations. This is a much more realistic scenario than the state-of-the-art 10-round AES-256 attacks, where subkey oracles, or several related-keys and high computational power is needed. Furthermore, we also provide improved attacks against full AES-192 and reduced-round Deoxys. Published version 2019-07-24T05:32:16Z 2019-12-06T21:39:01Z 2019-07-24T05:32:16Z 2019-12-06T21:39:01Z 2019 Journal Article Wang, H., & Peyrin, T. (2019). Boomerang switch in multiple rounds. Application to AES variants and deoxys. IACR Transactions on Symmetric Cryptology, 2019(1), 142-169. doi:10.13154/tosc.v2019.i1.142-169 https://hdl.handle.net/10356/104757 http://hdl.handle.net/10220/49459 10.13154/tosc.v2019.i1.142-169 en IACR Transactions on Symmetric Cryptology © 2019 The Author(s). All rights reserved. This paper was published by Ruhr University Bochum in IACR Transactions on Symmetric Cryptology and is made available with permission of The Author(s). 28 p. application/pdf
institution Nanyang Technological University
building NTU Library
country Singapore
collection DR-NTU
language English
topic DRNTU::Science::Mathematics
Boomerang Attack
Switching Effect
spellingShingle DRNTU::Science::Mathematics
Boomerang Attack
Switching Effect
Wang, Haoyang
Peyrin, Thomas
Boomerang switch in multiple rounds. Application to AES variants and deoxys
description The boomerang attack is a cryptanalysis technique that allows an attacker to concatenate two short differential characteristics. Several research results (ladder switch, S-box switch, sandwich attack, Boomerang Connectivity Table (BCT), ...) showed that the dependency between these two characteristics at the switching round can have a significant impact on the complexity of the attack, or even potentially invalidate it. In this paper, we revisit the issue of boomerang switching effect, and exploit it in the case where multiple rounds are involved. To support our analysis, we propose a tool called Boomerang Difference Table (BDT), which can be seen as an improvement of the BCT and allows a systematic evaluation of the boomerang switch through multiple rounds. In order to illustrate the power of this technique, we propose a new related-key attack on 10-round AES-256 which requires only 2 simple related-keys and 275 computations. This is a much more realistic scenario than the state-of-the-art 10-round AES-256 attacks, where subkey oracles, or several related-keys and high computational power is needed. Furthermore, we also provide improved attacks against full AES-192 and reduced-round Deoxys.
author2 School of Physical and Mathematical Sciences
author_facet School of Physical and Mathematical Sciences
Wang, Haoyang
Peyrin, Thomas
format Article
author Wang, Haoyang
Peyrin, Thomas
author_sort Wang, Haoyang
title Boomerang switch in multiple rounds. Application to AES variants and deoxys
title_short Boomerang switch in multiple rounds. Application to AES variants and deoxys
title_full Boomerang switch in multiple rounds. Application to AES variants and deoxys
title_fullStr Boomerang switch in multiple rounds. Application to AES variants and deoxys
title_full_unstemmed Boomerang switch in multiple rounds. Application to AES variants and deoxys
title_sort boomerang switch in multiple rounds. application to aes variants and deoxys
publishDate 2019
url https://hdl.handle.net/10356/104757
http://hdl.handle.net/10220/49459
_version_ 1681058894548303872