Improved Related-Tweakey Boomerang Attacks on Deoxys-BC

This paper improves previous distinguishers and key-recovery attacks against Deoxys-BC, the core primitive of the authenticated encryption scheme Deoxys, which is one of the remaining candidates in the CAESAR competition. We observe that the previous attacks by Cid et al., published in ToSC 2017, leave considerable room for improvement. By carefully optimizing the attack procedures, we reduce the complexities of the 8- and 9-round related-tweakey boomerang distinguishers against Deoxys-BC-256 to \(2^{28}\) and \(2^{98}\), respectively, whereas the previous attacks require \(2^{74}\) and \(2^{124}\). The distinguishers are then extended to 9-round and 10-round boomerang key-recovery attacks with complexities \(2^{112}\) and \(2^{170}\), respectively, while the previous rectangle attacks require \(2^{118}\) and \(2^{204}\). The optimization techniques used in this paper are conceptually not new, yet we believe it is important to know how much the attacks can be optimized by considering the details of the design.

[1] Guozhen Liu et al. Security Analysis of SKINNY under Related-Tweakey Settings. IACR Cryptol. ePrint Arch., 2017.

[2] Bruce Schneier et al. Amplified Boomerang Attacks Against Reduced-Round MARS and Serpent. FSE, 2000.

[3] Eli Biham et al. The Rectangle Attack - Rectangling the Serpent. EUROCRYPT, 2001.

[4] Dawu Gu et al. Differential and Linear Cryptanalysis Using Mixed-Integer Linear Programming. Inscrypt, 2011.

[5] David A. Wagner et al. The Boomerang Attack. FSE, 1999.

[6] Sean Murphy et al. The Return of the Cryptographic Boomerang. IEEE Transactions on Information Theory, 2011.

[7] Farokhlagha Moazami et al. Impossible Differential Cryptanalysis on Deoxys-BC-256. IACR Cryptol. ePrint Arch., 2018.

[8] Tao Huang et al. A Security Analysis of Deoxys and its Internal Tweakable Block Ciphers. IACR Trans. Symmetric Cryptol., 2017.

[9] Thomas Peyrin et al. The SKINNY Family of Block Ciphers and its Low-Latency Variant MANTIS. IACR Cryptol. ePrint Arch., 2016.

[10] Eli Biham et al. Related-Key Boomerang and Rectangle Attacks. EUROCRYPT, 2005.

[11] Eli Biham et al. New Results on Boomerang and Rectangle Attacks. FSE, 2002.

[12] John Viega et al. The Security and Performance of the Galois/Counter Mode (GCM) of Operation. INDOCRYPT, 2004.

[13] David A. Wagner et al. Tweakable Block Ciphers. CRYPTO, 2002.

[14] Alex Biryukov et al. Related-Key Cryptanalysis of the Full AES-192 and AES-256. ASIACRYPT, 2009.

[15] Adi Shamir et al. A Practical-Time Related-Key Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony. Journal of Cryptology, 2010.

[16] Thomas Peyrin et al. Tweaks and Keys for Block Ciphers: The TWEAKEY Framework. ASIACRYPT, 2014.