Paper 2014/563

Analysis of Boomerang Differential Trails via a SAT-Based Constraint Solver URSA

Aleksandar Kircanski

Abstract

In order to obtain differential patterns over many rounds of a cryptographic primitive, the cryptanalyst often needs to work on local differential trail analysis. Examples include merging two differential trail parts into one or, in the case of boomerang and rectangle attacks, connecting two short trails within the quartet boomerang setting. In the latter case, as shown by Murphy in 2011, caution should be exercised as there is increased chance of running into contradictions in the middle rounds of the primitive. In this paper, we propose the use of a SAT-based constraint solver URSA as aid in analysis of differential trails and find that previous rectangle/boomerang attacks on XTEA and SHACAL-1 block ciphers and SM3 hash function are based on incompatible trails. Given the C specification of the cryptographic primitive, verifying differential trail portions requires minimal work on the side of the cryptanalyst.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Contact author(s)
akircanski @ gmail com
History
2014-07-18: received
Short URL
https://ia.cr/2014/563
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/563,
      author = {Aleksandar Kircanski},
      title = {Analysis of Boomerang Differential Trails via a {SAT}-Based Constraint Solver {URSA}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/563},
      year = {2014},
      url = {https://eprint.iacr.org/2014/563}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.