Paper 2002/041

New Results on Boomerang and Rectangle Attack

Eli Biham, Orr Dunkelman, and Nathan Keller


The boomerang attack is a new and very powerful cryptanalytic technique. However, due to the adaptive chosen plaintext and ciphertext nature of the attack, boomerang key recovery attacks that retrieve key material on both sides of the boomerang distinguisher are hard to mount. We also present a method for using a boomerang distinguisher, which enables retrieving subkey bits on both sides of the boomerang distinguisher. The rectangle attack evolved from the boomerang attack.In this paper we present a new algorithm which improves the results of the rectangle attack. Using these improvements we can attack 3.5-round SC2000 with $2^{67}$ adaptive chosen plaintexts and ciphertexts, and 10-round Serpent with time complexity of $2^{173.8}$ memory accesses (which are equivalent to $2^{165.3}$ Serpent encryptions) with data complexity of $2^{126.3}$ chosen plaintexts.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. FSE 2002
cryptanalysisBoomerang attackRectangle Attack
Contact author(s)
orrd @ cs technion ac il
2002-03-31: received
Short URL
Creative Commons Attribution


      author = {Eli Biham and Orr Dunkelman and Nathan Keller},
      title = {New Results on Boomerang and Rectangle Attack},
      howpublished = {Cryptology ePrint Archive, Paper 2002/041},
      year = {2002},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.