Paper 2009/489

Impossible Boomerang Attack for Block Cipher Structures

Jiali Choy and Huihui Yap

Abstract

Impossible boomerang attack \cite{lu} (IBA) is a new variant of differential cryptanalysis against block ciphers. Evident from its name, it combines the ideas of both impossible differential cryptanalysis and boomerang attack. Though such an attack might not be the best attack available, its complexity is still less than that of the exhaustive search. In impossible boomerang attack, impossible boomerang distinguishers are used to retrieve some of the subkeys. Thus the security of a block cipher against IBA can be evaluated by impossible boomerang distinguishers. In this paper, we study the impossible boomerang distinguishers for block cipher structures whose round functions are bijective. Inspired by the $\mathcal{U}$-method in \cite{kim}, we provide an algorithm to compute the maximum length of impossible boomerang distinguishers for general block cipher structures, and apply the algorithm to known block cipher structures such as Nyberg's generalized Feistel network, a generalized CAST256-like structure, a generalized MARS-like structure, a generalized RC6-like structure, etc.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Updated version of the paper accepted by IWSEC 2009
Keywords
Block CiphersImpossible Boomerang AttackImpossible Boomerang Distinguishers
Contact author(s)
yhuihui @ dso org sg
History
2009-10-06: revised
2009-10-05: received
See all versions
Short URL
https://ia.cr/2009/489
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2009/489,
      author = {Jiali Choy and Huihui Yap},
      title = {Impossible Boomerang Attack for Block Cipher Structures},
      howpublished = {Cryptology {ePrint} Archive, Paper 2009/489},
      year = {2009},
      url = {https://eprint.iacr.org/2009/489}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.