Paper 2024/255

Revisiting Differential-Linear Attacks via a Boomerang Perspective With Application to AES, Ascon, CLEFIA, SKINNY, PRESENT, KNOT, TWINE, WARP, LBlock, Simeck, and SERPENT

Hosein Hadipour, Graz University of Technology
Patrick Derbez, Univ Rennes, Inria, CNRS, IRISA
Maria Eichlseder, Graz University of Technology
Abstract

In 1994, Langford and Hellman introduced differential-linear (DL) cryptanalysis, with the idea of decomposing the block cipher E into two parts, EU and EL, such that EU exhibits a high-probability differential trail, while EL has a high-correlation linear trail.Combining these trails forms a distinguisher for E, assuming independence between EU and EL. The dependency between the two parts of DL distinguishers remained unaddressed until EUROCRYPT 2019, where Bar-On et al. introduced the DLCT framework, resolving the issue up to one S-box layer. However, extending the DLCT framework to formalize the dependency between the two parts for multiple rounds remained an open problem. In this paper, we first tackle this problem from the perspective of boomerang analysis. By examining the relationships between DLCT, DDT, and LAT, we introduce a set of new tables facilitating the formulation of dependencies between the two parts of the DL distinguisher across multiple rounds. Then, we introduce a highly versatile and easy-to-use automatic tool for exploring DL distinguishers, inspired by automatic tools for boomerang distinguishers. This tool considers the dependency between differential and linear trails across multiple rounds. We apply our tool to various symmetric primitives, and in all applications, we either present the first DL distinguishers or enhance the best-known ones. We achieve successful results against Ascon, AES, SERPENT, PRESENT, SKINNY, TWINE, CLEFIA, WARP, LBlock, Simeck, and KNOT. Furthermore, we demonstrate that, in some cases, DL distinguishers outperform boomerang distinguishers significantly.

Note: The source code of our tool is available at: https://github.com/hadipourh/DL

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
A major revision of an IACR publication in CRYPTO 2024
DOI
10.1007/978-3-031-68385-5_2
Keywords
Differential-linear analysisDLCTUDLCTLDLCTDDLCTAESAsconSKINNYSERPENTKNOTWARPLBlockSimeckTWINE
Contact author(s)
hossein hadipour @ iaik tugraz at
patrick derbez @ irisa fr
maria eichlseder @ iaik tugraz at
History
2024-08-18: last of 6 revisions
2024-02-16: received
See all versions
Short URL
https://ia.cr/2024/255
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/255,
      author = {Hosein Hadipour and Patrick Derbez and Maria Eichlseder},
      title = {Revisiting Differential-Linear Attacks via a Boomerang Perspective With Application to {AES}, Ascon, {CLEFIA}, {SKINNY}, {PRESENT}, {KNOT}, {TWINE}, {WARP}, {LBlock}, Simeck, and {SERPENT}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/255},
      year = {2024},
      doi = {10.1007/978-3-031-68385-5_2},
      url = {https://eprint.iacr.org/2024/255}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.