### Truncated Boomerang Attacks and Application to AES-based Ciphers

##### Abstract

The boomerang attack is a cryptanalysis technique that combines two short differentials instead of using a single long differential. It has been applied to many primitives, and results in the best known attacks against several AES-based ciphers (Kiasu-BC, Deoxys-BC). In this paper, we introduce a general framework for boomerang attacks with truncated differentials. While the underlying ideas are already known, we show that a careful analysis provides a significant improvement over the best boomerang attacks in the literature. In particular, we take into account structures on the plaintext and ciphertext sides, and include an analysis of the key recovery step. On 6-round AES, we obtain a structural distinguisher with complexity $2^{87}$ and a key recovery attack with complexity $2^{61}$. The truncated boomerang attack is particularly effective against tweakable AES variants. We apply it to 8-round Kiasu-BC, resulting in the best known attack with complexity $2^{83}$ (rather than $2^{103}$). We also show an interesting use of the 6-round distinguisher on TNT-AES, a tweakable block cipher using 6-round AES as a building block. Finally, we apply this framework to Deoxys-BC, using a MILP model to find optimal trails automatically. We obtain the best attacks against round-reduced versions of all variants of Deoxys-BC.

Category: Secret-key cryptography

Publication info: Preprint.

Keywords: Truncated differential, boomerang attack, AES, KIASU, Deoxys, TNT-AES

Contact author(s): augustin bariant @ inria fr, gaetan leurent @ inria fr

History: 2022-06-06: approved
Short URL: https://ia.cr/2022/701

License: CC0

BibTeX

@misc{cryptoeprint:2022/701,
author = {Augustin Bariant and Gaëtan Leurent},
title = {Truncated Boomerang Attacks and Application to AES-based Ciphers},
howpublished = {Cryptology ePrint Archive, Paper 2022/701},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/701}},
url = {https://eprint.iacr.org/2022/701}
}
