Paper 2022/025

Boomeyong: Embedding Yoyo within Boomerang and its Applications to Key Recovery Attacks on AES and Pholkos

Mostafizar Rahman, Dhiman Saha, and Goutam Paul


This work investigates a generic way of combining two very effective and well-studied cryptanalytic tools, proposed almost 18 years apart, namely the boomerang attack introduced by Wagner in FSE 1999 and the yoyo attack by Ronjom et. al. in Asiacrypt 2017. In doing so, the s-box switch and ladder switch techniques are leveraged to embed a yoyo trail inside a boomerang trail. As an immediate application, a 6-round key recovery attack on AES-128 is mounted with time complexity of $2^{78}$. A 10-round key recovery attack on recently introduced AES-based tweakable block cipher Pholkos is also furnished to demonstrate the applicability of the new technique on AES-like constructions. The results on AES are experimentally verified by applying and implementing them on a small scale variant of AES. We provide arguments that draw a relation between the proposed strategy with the retracing boomerang attack devised in Eurocrypt 2020. To the best of our knowledge, this is the first attempt to merge the yoyo and boomerang techniques to analyze SPN ciphers and warrants further attention as it has the potential of becoming an important cryptanalysis tool.

Available format(s)
Secret-key cryptography
Publication info
A minor revision of an IACR publication in FSE 2022
AESBoomerangDistinguisherKey RecoveryPholkosSymmetric-Key CryptanalysisYoyo
Contact author(s)
mrahman454 @ gmail com
2022-01-10: received
Short URL
Creative Commons Attribution


      author = {Mostafizar Rahman and Dhiman Saha and Goutam Paul},
      title = {Boomeyong: Embedding Yoyo within Boomerang and its Applications to Key Recovery Attacks on AES and Pholkos},
      howpublished = {Cryptology ePrint Archive, Paper 2022/025},
      year = {2022},
      doi = {10.46586/tosc.v2021.i3.137-169},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.