Paper 2024/1008
A Deep Study of The Impossible Boomerang Distinguishers: New Construction Theory and Automatic Search Methods
Abstract
The impossible boomerang attack (IBA) is a combination of the impossible differential attack and the boomerang attack, which has demonstrated remarkable power in the security evaluation of AES and other block ciphers. However, this method has not received sufficient attention in the field of symmetric cipher analysis. The only existing search method for impossible boomerang distinguishers (IBDs), the core of IBAs, is the $\mathcal{UB}\text{-method}$, but it is considered rather rudimentary given current technological advancements and may result in missed opportunities for effective attacks. Therefore, this paper delves into a comprehensive study of the construction theory and automatic search methods for IBDs. Theoretically, we propose 5 IBD constructions aligned with the techniques of arbitrary S-box, boomerang distinguisher, Boomerang Connectivity Table, U/L/EBCT and mixed tables for differential propagation in SPN block ciphers, and 2 IBD constructions accompanied by state propagation for block ciphers with any structure. Furthermore, we investigate the relationship among these IBD constructions and demonstrate that the most superior IBD aligns precisely with the original definition. Technically, we develop a general SAT-based automatic search tool for IBDs by introducing optimized search strategies of the composite model method and the mixed model method. This tool not only considers the details of each operation but also takes into account the impact of the key schedule in a single-key setting. As applications, we first acquire 59584 4-round 1-active-word truncated IBDs for AES-128, and 192 of those IBDs cannot be detected by the $\mathcal{UB}\text{-method}$. For Midori64, we first demonstrate the non-existence of $7$-round $1$-active-word truncated IBDs, and obtain $7296$ $6$-round $1$-active-word truncated IBDs, which is complementary to the finding that there are no $6$-round $1$-active-word truncated IDs.
For PRESENT-80, we get the first 6-round IBDs, which cannot be detected by the $\mathcal{UB}\text{-method}$. These results indicate that our method outperforms the $\mathcal{UB}\text{-method}$ and offers an advantage over IDs. We believe that our work can bring new insights to symmetric cipher analysis.
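The abstract relies on the Boomerang Connectivity Table (BCT) as one of its tools for building impossible boomerang distinguishers. The following Python script is an added illustration, not code from the paper or its authors: it computes the DDT and BCT of the public 4-bit PRESENT S-box and lists the (input difference, output difference) pairs whose BCT entry is zero, i.e. the pairs for which a boomerang through a single S-box can never return. This is the one-S-box special case of what the paper generalizes to multi-round truncated distinguishers; the function and variable names are our own.

```python
# Added example: DDT and BCT of a 4-bit S-box, and the single-S-box
# boomerang transitions that are impossible (BCT entry equal to zero).
from typing import List, Tuple

# Public PRESENT S-box (4-bit permutation); any 4-bit S-box can be substituted.
PRESENT_SBOX: List[int] = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                           0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def inverse(sbox: List[int]) -> List[int]:
    """Inverse permutation, needed for the backward (decryption) face of a boomerang."""
    inv = [0] * len(sbox)
    for x, y in enumerate(sbox):
        inv[y] = x
    return inv


def ddt(sbox: List[int]) -> List[List[int]]:
    """Difference Distribution Table: ddt[din][dout] = #{x : S(x) ^ S(x ^ din) == dout}."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for x in range(n):
        for din in range(n):
            table[din][sbox[x] ^ sbox[x ^ din]] += 1
    return table


def bct(sbox: List[int]) -> List[List[int]]:
    """Boomerang Connectivity Table (Cid et al., EUROCRYPT 2018):
    bct[din][dout] = #{x : S^-1(S(x) ^ dout) ^ S^-1(S(x ^ din) ^ dout) == din}.
    Each x is a plaintext for which the boomerang (encrypt both faces with input
    difference din, add dout to both ciphertexts, decrypt) returns with difference din."""
    n = len(sbox)
    inv = inverse(sbox)
    table = [[0] * n for _ in range(n)]
    for din in range(n):
        for dout in range(n):
            count = 0
            for x in range(n):
                back0 = inv[sbox[x] ^ dout]          # decrypt first ciphertext + dout
                back1 = inv[sbox[x ^ din] ^ dout]    # decrypt second ciphertext + dout
                if back0 ^ back1 == din:
                    count += 1
            table[din][dout] = count
    return table


def impossible_boomerang_transitions(sbox: List[int]) -> List[Tuple[int, int]]:
    """(din, dout) pairs with BCT entry 0: the boomerang never returns through this
    S-box, so each pair is an impossible boomerang distinguisher for one S-box layer."""
    table = bct(sbox)
    n = len(sbox)
    return [(d, o) for d in range(n) for o in range(n) if table[d][o] == 0]


if __name__ == "__main__":
    for din, dout in impossible_boomerang_transitions(PRESENT_SBOX):
        print(f"impossible boomerang through S-box: din={din:#x} dout={dout:#x}")
```

Because every DDT solution is also a BCT solution (if S(x) ^ S(x ^ din) == dout, then decrypting both outputs shifted by dout simply swaps x and x ^ din), the BCT entry is never smaller than the DDT entry, so a zero in the BCT is a strictly stronger impossibility than a zero in the DDT. That asymmetry is the reason IBDs can exist over more rounds than impossible differentials for the same cipher, as the Midori64 result in the abstract illustrates.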
Metadata
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- Impossible Boomerang Distinguishers; Propagation of States; Composite Model Method; Mixed Model Method
- Contact author(s)
- xchao_h @ 163 com
- History
- 2024-10-17: last of 2 revisions
- 2024-06-21: received
- Short URL
- https://ia.cr/2024/1008
- License
- CC BY
BibTeX
@misc{cryptoeprint:2024/1008,
  author = {Xichao Hu and Lin Jiao and Dengguo Feng and Yonglin Hao and Xinxin Gong and Yongqiang Li},
  title = {A Deep Study of The Impossible Boomerang Distinguishers: New Construction Theory and Automatic Search Methods},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/1008},
  year = {2024},
  url = {https://eprint.iacr.org/2024/1008}
}