Cryptology ePrint Archive: Report 2020/1317

Improved Rectangle Attacks on SKINNY and CRAFT

Hosein Hadipour and Nasour Bagheri and Ling Song

Abstract: The boomerang and rectangle attacks are adaptions of differential cryptanalysis that regard the target cipher $E$ as a composition of two sub-ciphers, i.e., $E = E_{1}\circ E_{0}$, to construct a distinguisher for $E$ with probability $p^{2}q^{2}$ by concatenating two short differential trails for $E_{0}$ and $E_{1}$ with probability $p$ and $q$ respectively. According to the previous research the dependency between these two differential characteristics have a great impact on the probability of boomerang and rectangle distinguishers. Dunkelman \etal proposed the sandwich attack to formalise such dependency that regards $E$ as three parts, i.e., $E = E_{1}\circ E_{m}\circ E_{0}$, where $E_{m}$ contains the dependency between two differential trails, satisfying some differential propagation with probability $r$. Accordingly, the entire probability is $p^{2}q^{2}r$. Recently, Song \etal have proposed a general framework to identify the actual boundaries of $E_{m}$ and systematically evaluate the probability of $E_{m}$ with any number of rounds, and applied their method to accurately evaluate the probabilities of the best \texttt{SKINNY}'s boomerang distinguishers. In this paper, using a more advanced method to search for boomerang distinguishers, we show that the best previous boomerang distinguishers for \texttt{SKINNY} can be significantly improved in terms of probability and number of rounds. More precisely, we propose related-tweakey boomerang distinguishers for up to 19, 21, 23, and 25 rounds of \texttt{SKINNY}-64-128, \texttt{SKINNY}-128-256, \texttt{SKINNY}-64-192, and \texttt{SKINNY}-128-384 respectively, which improve the previous boomerang distinguishers of these variants of \texttt{SKINNY} by 1, 2, 1, and 1 round respectively. Based on the improved boomerang distinguishers for \texttt{SKINNY}, we provide related-tweakey rectangle attacks on 23 rounds of \texttt{SKINNY}-64-128, 24 rounds of \texttt{SKINNY}-128-256, 29 rounds of \texttt{SKINNY}-64-192, and 30 rounds of \texttt{SKINNY}-128-384. It worth noting that our improved related-tweakey rectangle attacks on \texttt{SKINNY}-64-192, \texttt{SKINNY}-128-256 and \texttt{SKINNY}-128-384 can be directly applied for the same number of rounds of \texttt{ForkSkinny-64-192}, \texttt{ForkSkinny-128-256} and \texttt{ForkSkinny-128-384} respectively. \texttt{craft} is another \texttt{SKINNY}-like tweakable block cipher for which we provide the security analysis against rectangle attack for the first time. As a result, we provide a 14-round boomerang distinguisher for \texttt{craft} in the single-tweak model based on which we propose a single-tweak rectangle attack on 18 rounds of this cipher. Moreover, following the previous research regarding the evaluation of switching in multiple rounds of boomerang distinguishers, we also introduce new tools called \textit{Double Boomerang Connectivity Table} (\texttt{DBCT}), $\texttt{bdt}^{\Dashv}$, and $\texttt{dbt}^{\vDash}$ to evaluate the boomerang switch through the multiple rounds more accurately.

Category / Keywords: secret-key cryptography / Lightweight block cipher, boomerang, rectangle, BCT, tweakable cipher, SKINNY , CRAFT

Date: received 21 Oct 2020, last revised 26 Nov 2020

Contact author: hsn hadipour at gmail com,na bagheri@gmail com,songling qs@gmail com

Available format(s): PDF | BibTeX Citation

Note: The current version is an early draft and the key recovery part will be included soon.

Short URL: ia.cr/2020/1317

[ Cryptology ePrint archive ]