Paper 2024/1008

A Deep Study of The Impossible Boomerang Distinguishers: New Construction Theory and Automatic Search Methods

Xichao Hu, State Key Laboratory of Cryptology, Beijing, China
Lin Jiao, State Key Laboratory of Cryptology, Beijing, China
Dengguo Feng, State Key Laboratory of Cryptology, Beijing, China
Yonglin Hao, State Key Laboratory of Cryptology, Beijing, China
Xinxin Gong, State Key Laboratory of Cryptology, Beijing, China
Yongqiang Li, Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China
Abstract

The impossible boomerang attack (IBA) is a combination of the impossible differential attack and boomerang attack, which has demonstrated remarkable power in the security evaluation of AES and other block ciphers. However, this method has not received sufficient attention in the field of symmetric cipher analysis. The only existing search method for impossible boomerang distinguishers (IBD), the core of IBAs, is the $\mathcal{UB}\text{-method}$, but it is considered rather rudimentary given current technological advancements and may result in missed opportunities for effective attacks. Therefore, this paper delves into a comprehensive study on the construction theory and automatic search method of IBDs. Theoretically, we propose 5 IBD constructions aligned with the techniques of arbitrary S-box, boomerang distinguisher, Boomerang Connectivity Table, U/L/EBCT and mixed tables for differential propagation for SPN-network block ciphers, and 2 IBD constructions accompanied by state propagation for block ciphers with any structure. Furthermore, we investigate the relationship among these IBD constructions and demonstrate that the most superior IBD aligns precisely with the original definition. Technically, we develop a general SAT-based automatic search tool for IBDs by introducing optimized search strategies of the composite model method and the mixed model method. This tool not only considers the details of each operation but also takes into account the impact of key schedule in a single-key setting. As applications, we first acquire 59584 4-round 1 active word truncated IBDs for AES-128, and 192 of those IBDs cannot be detected by the $\mathcal{UB} \text{-method}$. For Midori64, we first demonstrate the non-existence of $7$-round $1$ active word truncated IBDs, and obtain $7296$ $6$-round $1$ active word truncated IBDs, which is complementary to the finding that there are no existing $6$-round $1$ active word truncated IDs. For PRESENT-80, we get the first 6-round IBDs which cannot be detected by the $\mathcal{UB}\text{-method}$. Those results indicate that our method outperforms the $\mathcal{UB}\text{-method}$ and offer an advantage over IDs. We believe that our work can bring new insights to symmetric cipher analysis.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
Impossible Boomerang DistinguishersPropagation of StatesComposite Model MethodMixed Model Method
Contact author(s)
xchao_h @ 163 com
History
2024-10-17: last of 2 revisions
2024-06-21: received
See all versions
Short URL
https://ia.cr/2024/1008
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1008,
      author = {Xichao Hu and Lin Jiao and Dengguo Feng and Yonglin Hao and Xinxin Gong and Yongqiang Li},
      title = {A Deep Study of The Impossible Boomerang Distinguishers: New Construction Theory and Automatic Search Methods},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1008},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1008}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.