29
The Boomerang Attack Tomer Ashur Department of Computer Science University of Haifa [email protected] 05/05/2013
The Boomerang Attack
Tomer Ashur
Department of Computer ScienceUniversity of Haifa
05/05/2013
What is the Boomerang Attack
I An extension of differentialcryptanalysis.
I Invented by David Wagner, andpublished in 1999.
Tomer Ashur The Boomerang Attack
How Does it Work - in a Nutshell
I Instead of using one long differentialthat covers the full cipher, we use twoshorter differentials of each coveringpart of the cipher.
I We append the two differentials to builda boomarng that covers the full cipher.
P0 P1
α
5
β
C0 C1
3
C2 C3
δ δ
γ γβ
P2 P3
α
Tomer Ashur The Boomerang Attack
Why don’t we Always Use it?
I The attack model is different.
I The complexity
Tomer Ashur The Boomerang Attack
A Step-by-step Construction
P0 P1
α
Tomer Ashur The Boomerang Attack
A Step-by-step Construction - Cont.
P0 P1
α
5
β
Tomer Ashur The Boomerang Attack
A Step-by-step Construction - Cont.
P0 P1
α
5
β
C0 C1
3
Tomer Ashur The Boomerang Attack
A Step-by-step Construction - Cont.
P0 P1
α
5
β
C0 C1
3
C2 C3
δ δ
Tomer Ashur The Boomerang Attack
A Step-by-step Construction - Cont.
P0 P1
α
5
β
C0 C1
3
C2 C3
δ δ
Tomer Ashur The Boomerang Attack
A Step-by-step Construction - Cont.
P0 P1
α
5
β
C0 C1
3
C2 C3
δ δ
γ γ
Tomer Ashur The Boomerang Attack
A Step-by-step Construction - Cont.
P0 P1
α
5
β
C1 C2
3
C2 C3
δ δ
γ γ
P2 P3
Tomer Ashur The Boomerang Attack
A Step-by-step Construction - Cont.
P0 P1
α
5
β
C1 C2
3
C2 C3
δ δ
γ γ
P2 P3
β
Tomer Ashur The Boomerang Attack
A Step-by-step Construction - Cont.
P0 P1
α
5
β
C1 C2
3
C2 C3
δ δ
γ γ
P2 P3
β
α
Tomer Ashur The Boomerang Attack
What are the Odds?
I α cause β with probability p
I δ cause γ with probability q
I We need this event to happen twice.
I Finally, β cause α with probability p
I So...
I (p · q)2
Tomer Ashur The Boomerang Attack
What are the Odds?
I α cause β with probability p
I δ cause γ with probability q
I We need this event to happen twice.
I Finally, β cause α with probability p
I So...
I (p · q)2
Tomer Ashur The Boomerang Attack
What are the Odds?
I α cause β with probability p
I δ cause γ with probability q
I We need this event to happen twice.
I Finally, β cause α with probability p
I So...
I (p · q)2
Tomer Ashur The Boomerang Attack
What are the Odds?
I α cause β with probability p
I δ cause γ with probability q
I We need this event to happen twice.
I Finally, β cause α with probability p
I So...
I (p · q)2
Tomer Ashur The Boomerang Attack
What are the Odds?
I α cause β with probability p
I δ cause γ with probability q
I We need this event to happen twice.
I Finally, β cause α with probability p
I So...
I (p · q)2
Tomer Ashur The Boomerang Attack
What are the Odds?
I α cause β with probability p
I δ cause γ with probability q
I We need this event to happen twice.
I Finally, β cause α with probability p
I So...
I (p · q)2
Tomer Ashur The Boomerang Attack
What are the Odds?
I α cause β with probability p
I δ cause γ with probability q
I We need this event to happen twice.
I Finally, β cause α with probability p
I So...
I (p · q)2
Tomer Ashur The Boomerang Attack
What is it Good For?
Tomer Ashur The Boomerang Attack
The Key Recovery
I Just do the Usual Trick
I E(4x) = 10x
I S1(10x ⊕ k0) = Ax
I k0 ∈ {000001, 010001, 100001, 110001, 101111, 011111}
Tomer Ashur The Boomerang Attack
The Key Recovery
I Just do the Usual Trick
I E(4x) = 10x
I S1(10x ⊕ k0) = Ax
I k0 ∈ {000001, 010001, 100001, 110001, 101111, 011111}
Tomer Ashur The Boomerang Attack
The Key Recovery
I Just do the Usual Trick
I E(4x) = 10x
I S1(10x ⊕ k0) = Ax
I k0 ∈ {000001, 010001, 100001, 110001, 101111, 011111}
Tomer Ashur The Boomerang Attack
The Key Recovery
I Just do the Usual Trick
I E(4x) = 10x
I S1(10x ⊕ k0) = Ax
I k0 ∈ {000001, 010001, 100001, 110001, 101111, 011111}
Tomer Ashur The Boomerang Attack
The Inside-out Attack
I Use truncated differentials.
I Use the birthday paradox to make thedifferentials collide, having the reqiureddifference.
CC-BY-SA 2.0 QuinnDombrowski
Tomer Ashur The Boomerang Attack
*R-attacks
Tomer Ashur The Boomerang Attack
Related-key Differentials
Tomer Ashur The Boomerang Attack
Questions
Tomer Ashur The Boomerang Attack
