Paper 2022/060

Quantum Boomerang Attacks and Some Applications

Paul Frixons, María Naya-Plasencia, and André Schrottenloher


In this paper, we study quantum key-recovery attacks on block ciphers. While it is well known that a quantum adversary can generically speed up an exhaustive search of the key, much less is known on how to use specific vulnerabilities of the cipher to accelerate this procedure. In this context, we show how to convert classical boomerang and mixing boomerang attacks into efficient quantum key-recovery attacks. In some cases, we can even obtain a quadratic speedup, the same as simple differential attacks. We apply this technique to a 5-round attack on SAFER++.

Note: Full version of the paper.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Major revision. SAC 2021
boomerang attackpost-quantum securitymixing boomerang attackSAFER++AES
Contact author(s)
andre schrottenloher @ m4x org
maria naya_plasencia @ inria fr
paul frixons @ inria fr
2022-01-18: received
Short URL
Creative Commons Attribution


      author = {Paul Frixons and María Naya-Plasencia and André Schrottenloher},
      title = {Quantum Boomerang Attacks and Some Applications},
      howpublished = {Cryptology ePrint Archive, Paper 2022/060},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.