[Resource Topic] 2023/1543: Switching the Top Slice of the Sandwich with Extra Filling Yields a Stronger Boomerang for NLFSR-based Block Ciphers

Welcome to the resource topic for 2023/1543

Title:
Switching the Top Slice of the Sandwich with Extra Filling Yields a Stronger Boomerang for NLFSR-based Block Ciphers

Authors: Amit Jana, Mostafizar Rahman, Dhiman Saha, Goutam Paul

Abstract:

The Boomerang attack was one of the first attempts to visualize a cipher ($E$) as a composition of two sub-ciphers ($E_0\circ E_1$) to devise and exploit two high-probability (say $p,q$) shorter trails instead of relying on a single low probability (say $s$) longer trail for differential cryptanalysis. The attack generally works whenever $p^2 \cdot q^2 > s$. However, it was later succeeded by the so-called "sandwich attack" which essentially splits the cipher in three parts $E'_0\circ E_m \circ E'_1$ adding an additional middle layer ($E_m$) with distinguishing probability of $p^2\cdot r\cdot q^2$. It is primarily the generalization of a body of research in this direction that investigate what is referred to as the switching activity and capture the dependencies and potential incompatibilities of the layers that the middle layer separates.

This work revisits the philosophy of the sandwich attack over multiple rounds for NLFSR-based block ciphers and introduces a new method to find high probability boomerang distinguishers. The approach formalizes boomerang attacks using only ladder, And switches. The cipher is treated as $E = E_m \circ E_1$, a specialized form of a sandwich attack which we called the "open-sandwich attack". The distinguishing probability for this attack configuration is $r \cdot q^2$.

Using this innovative approach, the study successfully identifies a deterministic boomerang distinguisher for the keyed permutation of the TinyJambu cipher over 320 rounds. Additionally, a 640-round boomerang with a probability of $2^{-22}$ is presented with 95% success rate. In the related-key setting, we unveil full-round boomerangs with probabilities of $2^{-19}$, $2^{-18}$, and $2^{-12}$ for all three variants, demonstrating a 99% success rate.

Similarly, for Katan-32, a more effective related-key boomerang spanning 140 rounds with a probability of $2^{-15}$ is uncovered with 70% success rate. Further, in the single-key setting, an 84-round boomerang with probability $2^{-30}$ is found with success rate of 60%. This research deepens the understanding of boomerang attacks, enhancing the toolkit for cryptanalysts to develop efficient and impactful attacks on NLFSR-based block ciphers.

ePrint: https://eprint.iacr.org/2023/1543

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.