Paper 2024/255
Revisiting Differential-Linear Attacks via a Boomerang Perspective With Application to AES, Ascon, CLEFIA, SKINNY, PRESENT, KNOT, TWINE, WARP, LBlock, Simeck, and SERPENT
Abstract
In 1994, Langford and Hellman introduced differential-linear (DL) cryptanalysis, with the idea of decomposing the block cipher E into two parts, EU and EL, such that EU exhibits a high-probability differential trail, while EL has a high-correlation linear trail.Combining these trails forms a distinguisher for E, assuming independence between EU and EL. The dependency between the two parts of DL distinguishers remained unaddressed until EUROCRYPT 2019, where Bar-On et al. introduced the DLCT framework, resolving the issue up to one S-box layer. However, extending the DLCT framework to formalize the dependency between the two parts for multiple rounds remained an open problem. In this paper, we first tackle this problem from the perspective of boomerang analysis. By examining the relationships between DLCT, DDT, and LAT, we introduce a set of new tables facilitating the formulation of dependencies between the two parts of the DL distinguisher across multiple rounds. Then, we introduce a highly versatile and easy-to-use automatic tool for exploring DL distinguishers, inspired by automatic tools for boomerang distinguishers. This tool considers the dependency between differential and linear trails across multiple rounds. We apply our tool to various symmetric primitives, and in all applications, we either present the first DL distinguishers or enhance the best-known ones. We achieve successful results against Ascon, AES, SERPENT, PRESENT, SKINNY, TWINE, CLEFIA, WARP, LBlock, Simeck, and KNOT. Furthermore, we demonstrate that, in some cases, DL distinguishers outperform boomerang distinguishers significantly.
Note: The source code of our tool is available at: https://github.com/hadipourh/DL
Metadata
- Available format(s)
- Category
- Attacks and cryptanalysis
- Publication info
- A major revision of an IACR publication in CRYPTO 2024
- DOI
- 10.1007/978-3-031-68385-5_2
- Keywords
- Differential-linear analysisDLCTUDLCTLDLCTDDLCTAESAsconSKINNYSERPENTKNOTWARPLBlockSimeckTWINE
- Contact author(s)
-
hossein hadipour @ iaik tugraz at
patrick derbez @ irisa fr
maria eichlseder @ iaik tugraz at - History
- 2024-08-18: last of 6 revisions
- 2024-02-16: received
- See all versions
- Short URL
- https://ia.cr/2024/255
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/255, author = {Hosein Hadipour and Patrick Derbez and Maria Eichlseder}, title = {Revisiting Differential-Linear Attacks via a Boomerang Perspective With Application to {AES}, Ascon, {CLEFIA}, {SKINNY}, {PRESENT}, {KNOT}, {TWINE}, {WARP}, {LBlock}, Simeck, and {SERPENT}}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/255}, year = {2024}, doi = {10.1007/978-3-031-68385-5_2}, url = {https://eprint.iacr.org/2024/255} }