Related-Key Boomerang and Rectangle Attacks

Eli Biham; Orr Dunkelman; N. Keller

Related-Key Boomerang and Rectangle Attacks

Eli Biham, Orr Dunkelman, N. Keller

Department of Mathematics

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

Abstract

The boomerang attack and the rectangle attack are two attacks that utilize differential cryptanalysis in a larger construction. Both attacks treat the cipher as a cascade of two sub-ciphers, where there exists a good differential for each sub-cipher, but not for the entire cipher. In this paper we combine the boomerang (and the rectangle) attack with related-key differentials. The new combination is applicable to many ciphers, and we demonstrate its strength by introducing attacks on reduced-round versions of AES and IDEA. The attack on 192-bit key 9-round AES uses 256 different related keys. The 6.5-round attack on IDEA uses four related keys (and has time complexity of 288.1 encryptions). We also apply these techniques to COCONUT98 to obtain a distinguisher that requires only four related-key adaptive chosen plaintexts and ciphertexts. For these ciphers, our results attack larger number of rounds or have smaller complexities then all previously known attacks.

Original language	American English
Title of host publication	Advances in Cryptology – EUROCRYPT 2005
Editors	Ronald Cramer
Place of Publication	Berlin Heidelberg
Publisher	Springer
Pages	507-525
Volume	3494
State	Published - 2005

Publication series

Name	Lecture Notes in Computer Science

Cite this

@inbook{fce1ff3cdc14485fb6442f61bbcf99e1,

title = "Related-Key Boomerang and Rectangle Attacks",

abstract = "The boomerang attack and the rectangle attack are two attacks that utilize differential cryptanalysis in a larger construction. Both attacks treat the cipher as a cascade of two sub-ciphers, where there exists a good differential for each sub-cipher, but not for the entire cipher. In this paper we combine the boomerang (and the rectangle) attack with related-key differentials. The new combination is applicable to many ciphers, and we demonstrate its strength by introducing attacks on reduced-round versions of AES and IDEA. The attack on 192-bit key 9-round AES uses 256 different related keys. The 6.5-round attack on IDEA uses four related keys (and has time complexity of 288.1 encryptions). We also apply these techniques to COCONUT98 to obtain a distinguisher that requires only four related-key adaptive chosen plaintexts and ciphertexts. For these ciphers, our results attack larger number of rounds or have smaller complexities then all previously known attacks.",

author = "Eli Biham and Orr Dunkelman and N. Keller",

year = "2005",

language = "American English",

volume = "3494",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "507--525",

editor = "Ronald Cramer",

booktitle = "Advances in Cryptology – EUROCRYPT 2005",

}

TY - CHAP

T1 - Related-Key Boomerang and Rectangle Attacks

AU - Biham, Eli

AU - Dunkelman, Orr

AU - Keller, N.

PY - 2005

Y1 - 2005

N2 - The boomerang attack and the rectangle attack are two attacks that utilize differential cryptanalysis in a larger construction. Both attacks treat the cipher as a cascade of two sub-ciphers, where there exists a good differential for each sub-cipher, but not for the entire cipher. In this paper we combine the boomerang (and the rectangle) attack with related-key differentials. The new combination is applicable to many ciphers, and we demonstrate its strength by introducing attacks on reduced-round versions of AES and IDEA. The attack on 192-bit key 9-round AES uses 256 different related keys. The 6.5-round attack on IDEA uses four related keys (and has time complexity of 288.1 encryptions). We also apply these techniques to COCONUT98 to obtain a distinguisher that requires only four related-key adaptive chosen plaintexts and ciphertexts. For these ciphers, our results attack larger number of rounds or have smaller complexities then all previously known attacks.

AB - The boomerang attack and the rectangle attack are two attacks that utilize differential cryptanalysis in a larger construction. Both attacks treat the cipher as a cascade of two sub-ciphers, where there exists a good differential for each sub-cipher, but not for the entire cipher. In this paper we combine the boomerang (and the rectangle) attack with related-key differentials. The new combination is applicable to many ciphers, and we demonstrate its strength by introducing attacks on reduced-round versions of AES and IDEA. The attack on 192-bit key 9-round AES uses 256 different related keys. The 6.5-round attack on IDEA uses four related keys (and has time complexity of 288.1 encryptions). We also apply these techniques to COCONUT98 to obtain a distinguisher that requires only four related-key adaptive chosen plaintexts and ciphertexts. For these ciphers, our results attack larger number of rounds or have smaller complexities then all previously known attacks.

UR - http://link.springer.com/chapter/10.1007/11426639_30

M3 - Chapter

VL - 3494

T3 - Lecture Notes in Computer Science

SP - 507

EP - 525

BT - Advances in Cryptology – EUROCRYPT 2005

A2 - Cramer, Ronald

PB - Springer

CY - Berlin Heidelberg

ER -

Related-Key Boomerang and Rectangle Attacks

Abstract

Publication series

Other files and links

Fingerprint

Cite this