The (related-key) impossible boomerang attack and its application to the AES block cipher

Lu, Jiqiang

doi:10.1007/s10623-010-9421-9

Cited by 5 publications

(15 citation statements)

References 44 publications

(101 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Building upon the foundations of the impossible differential attack and the boomerang attack, we think it is an interesting idea to combine them together, with the name impossible boomerang attack. The impossible boomerang (IB) attack was firstly proposed by Lu in his doctoral thesis [Lu08] and subsequently published in [Lu11]. In [Lu08,Lu11], the author introduced the definition and extended its application to the related-key scenario.…”

Section: Introductionmentioning

confidence: 99%

“…The impossible boomerang (IB) attack was firstly proposed by Lu in his doctoral thesis [Lu08] and subsequently published in [Lu11]. In [Lu08,Lu11], the author introduced the definition and extended its application to the related-key scenario. With this new technique, Lu proposed several single-key attacks on 6-round AES-128 and 7-round AES-192/AES-256, and related-key attacks on 8-round AES-192 and 9-round AES-256.…”

Section: Introductionmentioning

confidence: 99%

“…• We revisit the impossible boomerang attack proposed in [Lu11] and introduce the applicable Generalized Boomerang Framework (GBF). For the impossible boomerang, we introduce the generation of contradictions and its advantages over the impossible [SZY + 22] † Some attacks listed are beyond full-codebook attacks.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Impossible Boomerang Attacks Revisited

Zhang,

Wang,

Tang

2024

ToSC

View full text Add to dashboard Cite

The impossible boomerang (IB) attack was first introduced by Lu in his doctoral thesis and subsequently published at DCC in 2011. The IB attack is a variant of the impossible differential (ID) attack by incorporating the idea of the boomerang attack. In this paper, we revisit the IB attack, and introduce the incompatibility of two characteristics in boomerang to the construction of an IB distinguisher. With our methodology, all the constructions of IB distinguisher are represented in a unified manner. Moreover, we show that the related-(twea)key IB distinguishers possess more freedom than the ones of ID so that it can cover more rounds.We also propose a new tool based on Mixed-Integer Quadratically-Constrained Programming (MIQCP) to search for IB attacks. To illustrate the power of the IB attack, we mount attacks against three tweakable block ciphers: Deoxys-BC, Joltik-BC and SKINNY. For Deoxys-BC, we propose a related-tweakey IB attack on 14-round Deoxys-BC-384, which improves the best previous related-tweakey ID attack by 2 rounds, and we improve the data complexity of the best previous related-tweakey ID attack on 10-round Deoxys-BC-256. For Joltik-BC, we propose the best attacks against 10-round Joltik-BC-128 and 14-round Joltik-BC-192 with related-tweakey B attack. For SKINNY-n-3n, we propose a 27-round related-tweakey IB attack, which improves both the time and the memory complexities of the best previous ID attack. We also propose the first related-tweakey IB attack on 28-round SKINNY-n-3n, which improves the previous best ID attack by one round.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Impossible Boomerang Attacks Revisited

Zhang,

Wang,

Tang

2024

ToSC

View full text Add to dashboard Cite

show abstract

“…The basic idea of boomerang cryptanalysis is to use short differential characteristics with relatively large probabilities to form long differential characteristics with high probability. Related-key impossible boomerang cryptanalysis [19] is obtained by using these three attacks in combination. Until now, many satisfying analysis results are obtained on AES and LBlock by using this cryptanalytic technique [19][20].…”

Section: Introductionmentioning

confidence: 99%

“…Related-key impossible boomerang cryptanalysis [19] is obtained by using these three attacks in combination. Until now, many satisfying analysis results are obtained on AES and LBlock by using this cryptanalytic technique [19][20].…”

Section: Introductionmentioning

confidence: 99%

Related-key Impossible Boomerang Cryptanalysis on LBlock-s

2019

KSII TIIS

View full text Add to dashboard Cite

LBlock-s is the core block cipher of authentication encryption algorithm LAC, which uses the same structure of LBlock and an improved key schedule algorithm with better diffusion property. Using the differential properties of the key schedule algorithm and the cryptanalytic technique which combines impossible boomerang attacks with related-key attacks, a 15-round related-key impossible boomerang distinguisher is constructed for the first time. Based on the distinguisher, an attack on 22-round LBlock-s is proposed by adding 4 rounds on the top and 3 rounds at the bottom. The time complexity is about only 2 68.76 22-round encryptions and the data complexity is about 2 58 chosen plaintexts. Compared with published cryptanalysis results on LBlock-s, there has been a sharp decrease in time complexity and an ideal data complexity.

show abstract