eprint.iacr.org will be offline for approximately an hour for routine maintenance again at 10pm UTC on Wednesday, April 17.

Paper 2022/725

Revisiting Related-Key Boomerang attacks on AES using computer-aided tool

Patrick Derbez, Univ Rennes, CNRS, IRISA, Rennes, France
Marie Euler, Univ Rennes, CNRS, IRISA, Rennes, France, Direction Générale de l'Armement, Rennes, France
Pierre-Alain Fouque, Univ Rennes, CNRS, IRISA, Rennes, France
Phuong Hoa Nguyen, Univ Rennes, CNRS, IRISA, Rennes, France

In recent years, several MILP models were introduced to search automatically for boomerang distinguishers and boomerang attacks on block ciphers. However, they can only be used when the key schedule is linear. Here, a new model is introduced to deal with nonlinear key schedules as it is the case for AES. This model is more complex and actually it is too slow for exhaustive search. However, when some hints are added to the solver, it found the current best related-key boomerang attack on AES-192 with $2^{124}$ time, $2^{124}$ data, and $2^{79.8}$ memory complexities, which is better than the one presented by Biryukov and Khovratovich at ASIACRYPT 2009 with complexities $2^{176}/2^{123}/2^{152}$ respectively. This represents a huge improvement for the time and memory complexity, illustrating the power of MILP in cryptanalysis.

Available format(s)
Attacks and cryptanalysis
Publication info
A minor revision of an IACR publication in ASIACRYPT 2022
Contact author(s)
patrick derbez @ irisa fr
marie euler @ m4x org
pierre-alain fouque @ irisa fr
phuong-hoa nguyen @ irisa fr
2023-03-07: last of 3 revisions
2022-06-07: received
See all versions
Short URL
Creative Commons Attribution


      author = {Patrick Derbez and Marie Euler and Pierre-Alain Fouque and Phuong Hoa Nguyen},
      title = {Revisiting Related-Key Boomerang attacks on AES using computer-aided tool},
      howpublished = {Cryptology ePrint Archive, Paper 2022/725},
      year = {2022},
      doi = {10.1007/978-3-031-22969-5_3},
      note = {\url{https://eprint.iacr.org/2022/725}},
      url = {https://eprint.iacr.org/2022/725}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.