Boomerang switch in multiple rounds. Application to AES variants and deoxys
The boomerang attack is a cryptanalysis technique that allows an attacker to concatenate two short differential characteristics. Several research results (ladder switch, S-box switch, sandwich attack, Boomerang Connectivity Table (BCT), ...) showed that the dependency between these two characteristi...
Saved in:
| Main Authors: | , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Published: |
2019
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/104757 http://hdl.handle.net/10220/49459 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-104757 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1047572020-09-26T22:19:05Z Boomerang switch in multiple rounds. Application to AES variants and deoxys Wang, Haoyang Peyrin, Thomas School of Physical and Mathematical Sciences Temasek Laboratories DRNTU::Science::Mathematics Boomerang Attack Switching Effect The boomerang attack is a cryptanalysis technique that allows an attacker to concatenate two short differential characteristics. Several research results (ladder switch, S-box switch, sandwich attack, Boomerang Connectivity Table (BCT), ...) showed that the dependency between these two characteristics at the switching round can have a significant impact on the complexity of the attack, or even potentially invalidate it. In this paper, we revisit the issue of boomerang switching effect, and exploit it in the case where multiple rounds are involved. To support our analysis, we propose a tool called Boomerang Difference Table (BDT), which can be seen as an improvement of the BCT and allows a systematic evaluation of the boomerang switch through multiple rounds. In order to illustrate the power of this technique, we propose a new related-key attack on 10-round AES-256 which requires only 2 simple related-keys and 275 computations. This is a much more realistic scenario than the state-of-the-art 10-round AES-256 attacks, where subkey oracles, or several related-keys and high computational power is needed. Furthermore, we also provide improved attacks against full AES-192 and reduced-round Deoxys. Published version 2019-07-24T05:32:16Z 2019-12-06T21:39:01Z 2019-07-24T05:32:16Z 2019-12-06T21:39:01Z 2019 Journal Article Wang, H., & Peyrin, T. (2019). Boomerang switch in multiple rounds. Application to AES variants and deoxys. IACR Transactions on Symmetric Cryptology, 2019(1), 142-169. doi:10.13154/tosc.v2019.i1.142-169 https://hdl.handle.net/10356/104757 http://hdl.handle.net/10220/49459 10.13154/tosc.v2019.i1.142-169 en IACR Transactions on Symmetric Cryptology © 2019 The Author(s). All rights reserved. This paper was published by Ruhr University Bochum in IACR Transactions on Symmetric Cryptology and is made available with permission of The Author(s). 28 p. application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| country |
Singapore |
| collection |
DR-NTU |
| language |
English |
| topic |
DRNTU::Science::Mathematics Boomerang Attack Switching Effect |
| spellingShingle |
DRNTU::Science::Mathematics Boomerang Attack Switching Effect Wang, Haoyang Peyrin, Thomas Boomerang switch in multiple rounds. Application to AES variants and deoxys |
| description |
The boomerang attack is a cryptanalysis technique that allows an attacker to concatenate two short differential characteristics. Several research results (ladder switch, S-box switch, sandwich attack, Boomerang Connectivity Table (BCT), ...) showed that the dependency between these two characteristics at the switching round can have a significant impact on the complexity of the attack, or even potentially invalidate it. In this paper, we revisit the issue of boomerang switching effect, and exploit it in the case where multiple rounds are involved. To support our analysis, we propose a tool called Boomerang Difference Table (BDT), which can be seen as an improvement of the BCT and allows a systematic evaluation of the boomerang switch through multiple rounds. In order to illustrate the power of this technique, we propose a new related-key attack on 10-round AES-256 which requires only 2 simple related-keys and 275 computations. This is a much more realistic scenario than the state-of-the-art 10-round AES-256 attacks, where subkey oracles, or several related-keys and high computational power is needed. Furthermore, we also provide improved attacks against full AES-192 and reduced-round Deoxys. |
| author2 |
School of Physical and Mathematical Sciences |
| author_facet |
School of Physical and Mathematical Sciences Wang, Haoyang Peyrin, Thomas |
| format |
Article |
| author |
Wang, Haoyang Peyrin, Thomas |
| author_sort |
Wang, Haoyang |
| title |
Boomerang switch in multiple rounds. Application to AES variants and deoxys |
| title_short |
Boomerang switch in multiple rounds. Application to AES variants and deoxys |
| title_full |
Boomerang switch in multiple rounds. Application to AES variants and deoxys |
| title_fullStr |
Boomerang switch in multiple rounds. Application to AES variants and deoxys |
| title_full_unstemmed |
Boomerang switch in multiple rounds. Application to AES variants and deoxys |
| title_sort |
boomerang switch in multiple rounds. application to aes variants and deoxys |
| publishDate |
2019 |
| url |
https://hdl.handle.net/10356/104757 http://hdl.handle.net/10220/49459 |
| _version_ |
1681058894548303872 |