Paper 2021/1238

Generic Framework for Key-Guessing Improvements

Marek Broll, Federico Canale, Antonio Flórez-Gutiérrez, Gregor Leander, and María Naya-Plasencia


We propose a general technique to improve the key-guessing step of several attacks on block ciphers. This is achieved by defining and studying some new properties of the associated S-boxes and by representing them as a special type of decision trees that are crucial for finding fine-grained guessing strategies for various attack vectors. We have proposed and implemented the algorithm that efficiently finds such trees, and use it for providing several applications of this approach, which include the best known attacks on NOKEON, GIFT, and RECTANGLE.

Available format(s)
Secret-key cryptography
Publication info
A major revision of an IACR publication in Asiacrypt 2021
cryptanalysisS-boxkey-guessingaffine decision trees
Contact author(s)
antonio florez-gutierrez @ inria fr
gregor leander @ rub de
marek broll @ rub de
Federico Canale @ rub de
maria naya_plasencia @ inria fr
2021-09-23: last of 2 revisions
2021-09-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {Marek Broll and Federico Canale and Antonio Flórez-Gutiérrez and Gregor Leander and María Naya-Plasencia},
      title = {Generic Framework for Key-Guessing Improvements},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1238},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.