[Resource Topic] 2022/745: Throwing Boomerangs into Feistel Structures: Application to CLEFIA, WARP, LBlock, LBlock-s and TWINE

Resource Attacks and cryptanalysis
#1

Welcome to the resource topic for 2022/745

Title:
Throwing Boomerangs into Feistel Structures: Application to CLEFIA, WARP, LBlock, LBlock-s and TWINE

Authors: Hosein Hadipour, Marcel Nageler, and Maria Eichlseder

Abstract:

Automatic tools to search for boomerang distinguishers have seen significant advances over the past few years. However, most of the previous works in this context focus on ciphers based on a Substitution Permutation Network (SPN), while analyzing the Feistel structure is of great significance. Although Boukerrou et al. provided a theoretical framework to formulate the boomerang switch over multiple Feistel rounds very recently, they did not provide an automatic tool to search for boomerang distinguishers of Feistel structures taking the switching effect into account. In this paper, by enhancing the recently proposed method to search for boomerang distinguishers by Hadipour et al., we provide an automatic tool to search for boomerang distinguishers and apply it to block ciphers following the Generalized Feistel Structure (GFS). Applying our tool to a wide range of GFS ciphers, we show that it yields a significant improvement compared to the best previous results concerning boomerang analysis. In particular, we improve the best previous boomerang distinguishers for 20 and 21 rounds of WARP by a factor of 2^{38.28 and 2^{36.56, respectively. Thanks to the effectiveness of our method, we even improve the boomerang distinguishers of WARP by two rounds and distinguish 23 rounds of this cipher from a random permutation. Applying our method to the internationally-standardized cipher CLEFIA, we achieve a 9-round boomerang distinguisher which improves the best previous boomerang distinguisher by one round. Furthermore, based on this distinguisher, we build a key-recovery attack on 11 rounds of CLEFIA, which improves the best previous sandwich attack on this cipher by one round. We also apply our method to LBlock, LBlock-s, and TWINE and improve the best previous boomerang distinguisher of these ciphers.

ePrint: https://eprint.iacr.org/2022/745

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .