Related-Key Boomerang and Rectangle Attacks

The boomerang attack and the rectangle attack are two attacks that utilize differential cryptanalysis in a larger construction. Both attacks treat the cipher as a cascade of two sub-ciphers, where there exists a good differential for each sub-cipher, but not for the entire cipher. In this paper we combine the boomerang (and the rectangle) attack with related-key differentials. The new combination is applicable to many ciphers, and we demonstrate its strength by introducing attacks on reduced-round versions of AES and IDEA. The attack on 192-bit key 9-round AES uses 256 different related keys. The 6.5-round attack on IDEA uses four related keys (and has time complexity of 2^88.1 encryptions). We also apply these techniques to COCONUT98 to obtain a distinguisher that requires only four related-key adaptive chosen plaintexts and ciphertexts. For these ciphers, our results attack a larger number of rounds or have smaller complexities than all previously known attacks.
