Paper 2023/1543

Switching the Top Slice of the Sandwich with Extra Filling Yields a Stronger Boomerang for NLFSR-based Block Ciphers

Amit Jana, Indian Statistical Institute, Kolkata
Mostafizar Rahman, University of Hyogo
Dhiman Saha, Indian Institute of Technology Bhilai
Goutam Paul, Indian Statistical Institute, Kolkata
Abstract

The Boomerang attack was one of the first attempts to visualize a cipher ($E$) as a composition of two sub-ciphers ($E_0\circ E_1$) to devise and exploit two high-probability (say $p,q$) shorter trails instead of relying on a single low probability (say $s$) longer trail for differential cryptanalysis. The attack generally works whenever $p^2 \cdot q^2 > s$. However, it was later succeeded by the so-called ``sandwich attack'' which essentially splits the cipher in three parts $E'_0\circ E_m \circ E'_1$ adding an additional middle layer ($E_m$) with distinguishing probability of $p^2\cdot r\cdot q^2$. It is primarily the generalization of a body of research in this direction that investigate what is referred to as the switching activity and capture the dependencies and potential incompatibilities of the layers that the middle layer separates. This work revisits the philosophy of the sandwich attack over multiple rounds for NLFSR-based block ciphers and introduces a new method to find high probability boomerang distinguishers. The approach formalizes boomerang attacks using only ladder, And switches. The cipher is treated as $E = E_m \circ E_1$, a specialized form of a sandwich attack which we called as the ``open-sandwich attack''. The distinguishing probability for this attack configuration is $r \cdot q^2$. Using this innovative approach, the study successfully identifies a deterministic boomerang distinguisher for the keyed permutation of the TinyJambu cipher over 320 rounds. Additionally, a 640-round boomerang with a probability of $2^{-22}$ is presented with 95% success rate. In the related-key setting, we unveil full-round boomerangs with probabilities of $2^{-19}$, $2^{-18}$, and $2^{-12}$ for all three variants, demonstrating a 99% success rate. Similarly, for Katan-32, a more effective related-key boomerang spanning 140 rounds with a probability of $2^{-15}$ is uncovered with 70% success rate. Further, in the single-key setting, a 84-round boomerang with probability $2^{-30}$ found with success rate of 60%. This research deepens the understanding of boomerang attacks, enhancing the toolkit for cryptanalysts to develop efficient and impactful attacks on NLFSR-based block ciphers.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
MILPBoomerangSandwichKATANTinyJAMBUSymmetric-Key Cryptanalysis
Contact author(s)
janaamit001 @ gmail com
mrahman454 @ gmail com
dhiman @ iitbhilai ac in
goutam paul @ isical ac in
History
2023-10-09: approved
2023-10-08: received
See all versions
Short URL
https://ia.cr/2023/1543
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/1543,
      author = {Amit Jana and Mostafizar Rahman and Dhiman Saha and Goutam Paul},
      title = {Switching the Top Slice of the Sandwich with Extra Filling Yields a Stronger Boomerang for {NLFSR}-based Block Ciphers},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1543},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1543}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.