Paper 2020/102

New Related-Tweakey Boomerang and Rectangle Attacks on Deoxys-BC Including BDT Effect

Boxin Zhao, Xiaoyang Dong, and Keting Jia


In the CAESAR competition, Deoxys-I and Deoxys-II are two important authenticated encryption schemes submitted by Jean et al. Recently, Deoxys-II together with Ascon, ACORN, AEGIS-128, OCB and COLM have been selected as the final CAESAR portfolio. Notably, Deoxys-II is also the primary choice for the use case ``Defense in depth''. However, Deoxys-I remains to be one of the third-round candidates of the CAESAR competition. Both Deoxys-I and Deoxys-II adopt Deoxys-BC-256 and Deoxys-BC-384 as their internal tweakable block ciphers. In this paper, we investigate the security of round-reduced Deoxys-BC-256/-384 and Deoxys-I against the related-tweakey boomerang and rectangle attacks with some new boomerang distinguishers. For Deoxys-BC-256, we present 10-round related-tweakey boomerang and rectangle attacks for the popular setting $(|tweak|,|key|)=(128,128)$, which reach one more round than the previous attacks in this setting. Moreover, an 11-round related-tweakey rectangle attack on Deoxys-BC-256 is given for the first time. We also put forward a 13-round related-tweakey boomerang attack in the popular setting $(|tweak|,|key|)=(128,256)$ for Deoxys-BC-384, while the previous attacks in this setting only work for 12 rounds at most. In addition, the first 14-round related-tweakey rectangle attack on Deoxys-BC-384 is given when $(|tweak|<98,|key|>286)$, that attacks one more round than before. Besides, we give the first 10-round rectangle attack on the authenticated encryption mode Deoxys-I-128-128 with one more round than before, and we also reduce the complexity of the related-tweakey rectangle attack on 12-round Deoxys-I-256-128 by a factor of $2^{28}$. Our attacks can not be applied to (round-reduced) Deoxys-II.

Available format(s)
Secret-key cryptography
Publication info
Published by the IACR in FSE 2020
CAESARDeoxys-BCBoomerang AttackRectangle AttackTWEAKEY
Contact author(s)
xiaoyangdong @ tsinghua edu cn
2020-02-04: received
Short URL
Creative Commons Attribution


      author = {Boxin Zhao and Xiaoyang Dong and Keting Jia},
      title = {New Related-Tweakey Boomerang and Rectangle Attacks on Deoxys-{BC} Including {BDT} Effect},
      howpublished = {Cryptology ePrint Archive, Paper 2020/102},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.