Switching the Top Slice of the Sandwich with Extra Filling Yields a Stronger Boomerang for NLFSR-based Block Ciphers

Amit Jana; Mostafizar Rahman; Dhiman Saha; Goutam Paul

Paper 2023/1543

Switching the Top Slice of the Sandwich with Extra Filling Yields a Stronger Boomerang for NLFSR-based Block Ciphers

Amit Jana, Indian Statistical Institute, Kolkata

Mostafizar Rahman, University of Hyogo

Dhiman Saha, Indian Institute of Technology Bhilai

Goutam Paul, Indian Statistical Institute, Kolkata

Abstract

The Boomerang attack was one of the first attempts to visualize a cipher ($E$) as a composition of two sub-ciphers ($E_0\circ E_1$) to devise and exploit two high-probability (say $p,q$) shorter trails instead of relying on a single low probability (say $s$) longer trail for differential cryptanalysis. The attack generally works whenever $p^2 \cdot q^2 > s$. However, it was later succeeded by the so-called ``sandwich attack'' which essentially splits the cipher in three parts $E'_0\circ E_m \circ E'_1$ adding an additional middle layer ($E_m$) with distinguishing probability of $p^2\cdot r\cdot q^2$. It is primarily the generalization of a body of research in this direction that investigate what is referred to as the switching activity and capture the dependencies and potential incompatibilities of the layers that the middle layer separates. This work revisits the philosophy of the sandwich attack over multiple rounds for NLFSR-based block ciphers and introduces a new method to find high probability boomerang distinguishers. The approach formalizes boomerang attacks using only ladder, And switches. The cipher is treated as $E = E_m \circ E_1$, a specialized form of a sandwich attack which we called as the ``open-sandwich attack''. The distinguishing probability for this attack configuration is $r \cdot q^2$. Using this innovative approach, the study successfully identifies a deterministic boomerang distinguisher for the keyed permutation of the TinyJambu cipher over 320 rounds. Additionally, a 640-round boomerang with a probability of $2^{-22}$ is presented with 95% success rate. In the related-key setting, we unveil full-round boomerangs with probabilities of $2^{-19}$, $2^{-18}$, and $2^{-12}$ for all three variants, demonstrating a 99% success rate. Similarly, for Katan-32, a more effective related-key boomerang spanning 140 rounds with a probability of $2^{-15}$ is uncovered with 70% success rate. Further, in the single-key setting, a 84-round boomerang with probability $2^{-30}$ found with success rate of 60%. This research deepens the understanding of boomerang attacks, enhancing the toolkit for cryptanalysts to develop efficient and impactful attacks on NLFSR-based block ciphers.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Preprint.
Keywords: MILP Boomerang Sandwich KATAN TinyJAMBU Symmetric-Key Cryptanalysis
Contact author(s): janaamit001 @ gmail com
mrahman454 @ gmail com
dhiman @ iitbhilai ac in
goutam paul @ isical ac in
History: 2023-10-09: approved; 2023-10-08: received; See all versions
Short URL: https://ia.cr/2023/1543
License: CC BY

BibTeX

@misc{cryptoeprint:2023/1543,
      author = {Amit Jana and Mostafizar Rahman and Dhiman Saha and Goutam Paul},
      title = {Switching the Top Slice of the Sandwich with Extra Filling Yields a Stronger Boomerang for NLFSR-based Block Ciphers},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1543},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/1543}},
      url = {https://eprint.iacr.org/2023/1543}
}