Paper 2021/020

Catching the Fastest Boomerangs - Application to SKINNY

Stéphanie Delaune, Patrick Derbez, and Mathieu Vavrille

Abstract

In this paper we describe a new tool to search for boomerang distinguishers. One limitation of the MILP model of Liu et al. is that it handles only one round for the middle part while Song et al. have shown that dependencies could affect much more rounds, for instance up to 6 rounds for SKINNY. Thus we describe a new approach to turn an MILP model to search for truncated characteristics into an MILP model to search for truncated boomerang characteristics automatically handling the middle rounds. We then show a new CP model to search for the best possible instantiations to identify good boomerang distinguishers. Finally we systematized the method initiated by Song et al. to precisely compute the probability of a boomerang. As a result, we found many new boomerang distinguishers up to 24 rounds in the TK3 model. In particular, we improved by a factor $2^{30}$ the probability of the best known distinguisher against 18-round SKINNY-128/256.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. IACR-TOSC ISSUE 4-2020
DOI
10.46586/tosc.v2020.i4.104-129
Keywords
BoomerangMILP modelSKINNY
Contact author(s)
patrick derbez @ irisa fr
History
2021-01-06: received
Short URL
https://ia.cr/2021/020
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/020,
      author = {Stéphanie Delaune and Patrick Derbez and Mathieu Vavrille},
      title = {Catching the Fastest Boomerangs - Application to SKINNY},
      howpublished = {Cryptology ePrint Archive, Paper 2021/020},
      year = {2021},
      doi = {10.46586/tosc.v2020.i4.104-129},
      note = {\url{https://eprint.iacr.org/2021/020}},
      url = {https://eprint.iacr.org/2021/020}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.