Paper 2019/669

Related-Key Boomerang Attacks on GIFT with Automated Trail Search Including BCT Effect

Yunwen Liu and Yu Sasaki


In Eurocrypt 2018, Cid et al. proposed a novel notion called the boomerang connectivity table, which formalised the switch property in the middle round of boomerang distinguishers in a unified approach. In this paper, we present a generic model of the boomerang connectivity table with automatic search technique for the first time, and search for (related-key) boomerang distinguishers directly by combining with the search of (related-key) differential characteristics. With the technique, we are able to find 19-round related-key boomerang distinguishers in the lightweight block cipher \textsc{Gift}-64 and \textsc{Gift}-128. Interestingly, a transition that is not predictable by the conventional switches is realised in a boomerang distinguisher predicted by the boomerang connectivity table. In addition, we experimentally extend the 19-round distinguisher by one more round. A 23-round key-recovery attack is presented on \textsc{Gift}-64 based on the distinguisher, which covers more rounds than previous known results in the single-key setting. Although the designers of \textsc{Gift} do not claim related-key security, bit positions of the key addition and 16-bit rotations were chosen to optimize the related-key differential bound. Indeed, the designers evaluated related-key differential attacks. This is the first work to present better related-key attacks than the simple related-key differential attack.

Note: This is a pre-print of an article published in ACISP 2019.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. ACISP 2019
Boomerang connectivity tableGIFTAutomatic search
Contact author(s)
yusasaki0930 @ gmail com
2019-06-06: received
Short URL
Creative Commons Attribution


      author = {Yunwen Liu and Yu Sasaki},
      title = {Related-Key Boomerang Attacks on GIFT with Automated Trail Search Including BCT Effect},
      howpublished = {Cryptology ePrint Archive, Paper 2019/669},
      year = {2019},
      doi = {10.1007/978-3-030-21548-4},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.