Paper 2020/103

Improved Related-Tweakey Rectangle Attacks on Reduced-round Deoxys-BC-384 and Deoxys-I-256-128

Boxin Zhao, Xiaoyang Dong, Keting Jia, and Willi Meier


Deoxys-BC is the core internal tweakable block cipher of the authenticated encryption schemes Deoxys-I and Deoxys-II. Deoxys-II is one of the six schemes in the final portfolio of the CAESAR competition, while Deoxys-I is a 3rd round candidate. By well studying the new method proposed by Cid et al. at ToSC 2017 and BDT technique proposed by Wang and Peyrin at ToSC 2019, we find a new 11-round related-tweakey boomerang distinguisher of Deoxys-BC-384 with probability of $2^{-118.4}$, and give a related-tweakey rectangle attack on 13-round Deoxys-BC-384 with a data complexity of $2^{125.2}$ and time complexity of $2^{186.7}$, and then apply it to analyze 13-round Deoxys-I-256-128 in this paper. This is the first time that an attack on 13-round Deoxys-I-256-128 is given, while the previous attack on this version only reaches 12 rounds.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. INDOCRYPT 2019
CAESARAuthenticated EncryptionDeoxys-BCRectangle Attack
Contact author(s)
xiaoyangdong @ tsinghua edu cn
2020-02-04: received
Short URL
Creative Commons Attribution


      author = {Boxin Zhao and Xiaoyang Dong and Keting Jia and Willi Meier},
      title = {Improved Related-Tweakey Rectangle Attacks on Reduced-round Deoxys-{BC}-384 and Deoxys-I-256-128},
      howpublished = {Cryptology ePrint Archive, Paper 2020/103},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.