Filters








96 Hits in 4.2 sec

Boomerang Connectivity Table: A New Cryptanalysis Tool [chapter]

Carlos Cid, Tao Huang, Thomas Peyrin, Yu Sasaki, Ling Song
2018 Lecture Notes in Computer Science  
In this paper, we revisit the issue of dependency of two characteristics in Em, and propose a new tool called Boomerang Connectivity Table ( BCT), which evaluates r in a systematic and easy-to-understand  ...  A boomerang attack is a cryptanalysis framework that regards a block cipher E as the composition of two sub-ciphers E1 • E0 and builds a particular characteristic for E with probability p 2 q 2 by combining  ...  We call it "Boomerang Connectivity Table (BCT)".  ... 
doi:10.1007/978-3-319-78375-8_22 fatcat:3shnwhxr7jbglipivjqw2iu4ye

Boomerang Connectivity Table Revisited. Application to SKINNY and AES

Ling Song, Xianrui Qin, Lei Hu
2019 IACR Transactions on Symmetric Cryptology  
Recently, Cid et al. proposed the Boomerang Connectivity Table (BCT) which unifies the previous switch techniques and incompatibility together and evaluates the probability of Em theoretically when Em  ...  The boomerang attack is a variant of differential cryptanalysis which regards a block cipher E as the composition of two sub-ciphers, i.e., E = E1 o E0, and which constructs distinguishers for E with probability  ...  Recently in [CHP + 18] , the issue of dependency in boomerang distinguishers was revisited, and a tool named Boomerang Connectivity Table ( BCT) was proposed, which calculates r theoretically when E  ... 
doi:10.46586/tosc.v2019.i1.118-141 fatcat:oaycmbqhbjaclbgfatllgq4mym

Boomerang Connectivity Table Revisited. Application to SKINNY and AES

Ling Song, Xianrui Qin, Lei Hu
2019 IACR Transactions on Symmetric Cryptology  
Recently, Cid et al. proposed the Boomerang Connectivity Table (BCT) which unifies the previous switch techniques and incompatibility together and evaluates the probability of Em theoretically when Em  ...  The boomerang attack is a variant of differential cryptanalysis which regards a block cipher E as the composition of two sub-ciphers, i.e., E = E1 o E0, and which constructs distinguishers for E with probability  ...  Recently in [CHP + 18] , the issue of dependency in boomerang distinguishers was revisited, and a tool named Boomerang Connectivity Table ( BCT) was proposed, which calculates r theoretically when E  ... 
doi:10.13154/tosc.v2019.i1.118-141 dblp:journals/tosc/SongQH19 fatcat:my5o766t5vfl5mmpes35puzpcy

On the Feistel Counterpart of the Boomerang Connectivity Table

Hamid Boukerrou, Paul Huynh, Virginie Lallemand, Bimal Mandal, Marine Minier
2020 IACR Transactions on Symmetric Cryptology  
At Eurocrypt 2018, Cid et al. introduced the Boomerang Connectivity Table (BCT), a tool to compute the probability of the middle round of a boomerang distinguisher from the description of the cipher's  ...  Their new table and the following works led to a refined understanding of boomerangs, and resulted in a series of improved attacks.  ...  [CHP + 18] recently introduced a tool called the Boomerang Connectivity Figure 3 : 3 Middle rounds of the boomerang distinguisher proposed in [LGW12] .  ... 
doi:10.13154/tosc.v2020.i1.331-362 dblp:journals/tosc/BoukerrouHLMM20 fatcat:ca4b74ggq5h53h42qjd7qwgpje

Evaluate the security margins of SHA-512, SHA-256 and DHA-256 against the boomerang attack

Hongbo Yu, Yonglin Hao, Dongxia Bai
2016 Science China Information Sciences  
Firstly, we give a boomerang attack on 48-step SHA-512 with a practical complexity of 2 51 . The correctness of this attack is verified by providing a Type III boomerang quartet.  ...  In this paper, we try to evaluate the security margins of three hash functions namely SHA-512, SHA-256 and DHA-256 against the boomerang attack.  ...  The original boomerang attack was introduced by Wagner in 1999 [14] as a tool for the cryptanalysis of block ciphers.  ... 
doi:10.1007/s11432-015-5389-4 fatcat:5xnfdu6lf5csjhgi7zx6zym6ry

On the boomerang uniformity of (quadratic) permutations over F_2^n [article]

Sihem Mesnager, Chunming Tang, Maosheng Xiong
2019 arXiv   pre-print
At Eurocrypt'18, Cid, Huang, Peyrin, Sasaki, and Song introduced a new tool called Boomerang Connectivity Table (BCT) for measuring the resistance of a block cipher against the boomerang attack (which  ...  More specifically, we present a slightly different (and more convenient) formulation of the boomerang uniformity and show that the row sum and the column sum of the boomerang connectivity table can be  ...  BCT (optimal means that the maximal value in the Boomerang Connectivity Table equals the lowest known differential uniformity).  ... 
arXiv:1903.00501v1 fatcat:ubxro22o5jhj5eekmoym7pxyli

On the Boomerang Uniformity of Cryptographic Sboxes

Christina Boura, Anne Canteaut
2018 IACR Transactions on Symmetric Cryptology  
Recently, Cid et al. introduced at Eurocrypt'18 a new tool, called the Boomerang Connectivity Table (BCT) that permits to simplify this complexity analysis, by storing and unifying the different switching  ...  We provide in this work a more in-depth analysis of boomerang connectivity tables, by studying more closely differentially 4-uniform Sboxes.  ...  Conclusion Boomerang connectivity tables are newly introduced objects for measuring the resistance of a block cipher against boomerang attacks.  ... 
doi:10.46586/tosc.v2018.i3.290-310 fatcat:svv5q5um4fgc5avumo5553xwbq

On the Boomerang Uniformity of Cryptographic Sboxes

Christina Boura, Anne Canteaut
2018 IACR Transactions on Symmetric Cryptology  
Recently, Cid et al. introduced at Eurocrypt'18 a new tool, called the Boomerang Connectivity Table (BCT) that permits to simplify this complexity analysis, by storing and unifying the different switching  ...  We provide in this work a more in-depth analysis of boomerang connectivity tables, by studying more closely differentially 4-uniform Sboxes.  ...  Conclusion Boomerang connectivity tables are newly introduced objects for measuring the resistance of a block cipher against boomerang attacks.  ... 
doi:10.13154/tosc.v2018.i3.290-310 dblp:journals/tosc/BouraC18 fatcat:aryjhyrcmfejbbkhwbirzlqynm

I-PRESENTTM: An Involutive Lightweight Block Cipher

Muhammad Reza Z'aba, Norziana Jamil, Mohd Ezanee Rusli, Md. Zaini Jamaludin, Ahmad Azlan Mohd Yasir
2014 Journal of Information Security  
This paper proposes a new involutive light-weight block cipher for resource-constraint environments called I-PRESENT TM .  ...  Acknowledgements This work is a research collaboration with CoRE Expert System Sdn Bhd and it was sponsored by them and also Ministry of Education Malaysia, under Fundamental Research Grant Scheme 2014  ...  Boomerang Cryptanalysis In a nutshell, the boomerang attack [22] requires the construction of four differential trails.  ... 
doi:10.4236/jis.2014.53011 fatcat:oh3qwjm4hrgc3gumgu5fifhk6q

Improved Rectangle Attacks on SKINNY and CRAFT

Hosein Hadipour, Nasour Bagheri, Ling Song
2021 IACR Transactions on Symmetric Cryptology  
Moreover, following the previous research regarding the evaluation of switching in multiple rounds of boomerang distinguishers, we also introduce new tools called Double Boomerang Connectivity Table (DBCT  ...  The boomerang and rectangle attacks are adaptions of differential cryptanalysis that regard the target cipher E as a composition of two sub-ciphers, i.e., E = E1 ∘ E0, to construct a distinguisher for  ...  New Tools for Boomerang Cryptanalysis In this section, we introduce for S-boxes some new tables which can be used to model the dependency between upper and lower differential paths in boomerang distinguishers  ... 
doi:10.46586/tosc.v2021.i2.140-198 fatcat:xucyzoijpzapvfs7dcvcwegn3e

Reconstructing an S-box from its Difference Distribution Table

Orr Dunkelman, Senyang Huang
2019 IACR Transactions on Symmetric Cryptology  
In this paper we study the problem of recovering a secret S-box from its difference distribution table (DDT).  ...  We tested our new algorithm on random S-boxes of different sizes, and for random 14-bit bijective S-boxes, our results outperform the GD attack by several orders of magnitude.  ...  Conclusions In this paper we presented a new algorithm for reconstructing an S-box from its DDT.  ... 
doi:10.13154/tosc.v2019.i2.193-217 dblp:journals/tosc/DunkelmanH19 fatcat:tq5hjkjubfe73k4hbskcevqpie

Reconstructing an S-box from its Difference Distribution Table

Orr Dunkelman, Senyang Huang
2019 IACR Transactions on Symmetric Cryptology  
In this paper we study the problem of recovering a secret S-box from its difference distribution table (DDT).  ...  We tested our new algorithm on random S-boxes of different sizes, and for random 14-bit bijective S-boxes, our results outperform the GD attack by several orders of magnitude.  ...  Conclusions In this paper we presented a new algorithm for reconstructing an S-box from its DDT.  ... 
doi:10.46586/tosc.v2019.i2.193-217 fatcat:tktx4eu5mzdsldee4gqxjmcgte

On the Differential-Linear Connectivity Table of Vectorial Boolean Functions [article]

Anne Canteaut, Lukas Kölsch, Chao Li, Chunlei Li, Kangquan Li, Longjiang Qu, Friedrich Wiemer
2019 arXiv   pre-print
Very recently, Bar-On et al. introduced at Eurocrypt'19 a new tool, called the differential-linear connectivity table (DLCT), which allows for taking into account the dependency between the two subciphers  ...  This paper presents a theoretical characterization of the DLCT of vectorial Boolean functions and also investigates this new criterion for some families of functions with specific forms.  ...  [18] introduced a new concept on S-boxes: the boomerang connectivity table (BCT) that similarly analyzes the dependency between the upper part and lower part of a block cipher in a boomerang attack.  ... 
arXiv:1908.07445v1 fatcat:omf7yiwowbgxngjuyckzh6ks4y

Analysis of Boomerang Differential Trails via a SAT-Based Constraint Solver URSA [chapter]

Aleksandar Kircanski
2015 Lecture Notes in Computer Science  
Examples include merging two differential trail parts into one or, in the case of boomerang and rectangle attacks, connecting two short trails within the quartet boomerang setting.  ...  In this paper, we propose the use of a SAT-based constraint solver URSA as aid in analysis of differential trails and find that previous rectangle/boomerang attacks on XTEA and SHACAL-1 block ciphers and  ...  [12] Table 6 : 6 Incompatible SM3 boomerang trails [3] Table 6 , 6 ∆W 18 [A, C], ∆l 18 [A, C], ∆r 18 [A, C] and ∆l 15 [A, C] contain no active bits and the same is true for ∆l 19 [A, C], we have  ... 
doi:10.1007/978-3-319-28166-7_16 fatcat:ltcgqqdqjjb3pgbxiqb4aqrwey

Boomerang Attack on Step-Reduced SHA-512 [chapter]

Hongbo Yu, Dongxia Bai
2015 Lecture Notes in Computer Science  
Boomerang distinguisher on SHA-512 compression function reduced to 48 steps is proposed, with a practical complexity of 2 51 .  ...  In this work, we analyze the security of SHA-512 with respect to boomerang attack.  ...  However, we note that this work does not build a boomerang property for a hash function to distinguish the hash functions from a random oracle, but only use the boomerang attack as a neutral bits tool  ... 
doi:10.1007/978-3-319-16745-9_18 fatcat:2cbumq4c7fao3oek2utyzsqu2m
« Previous Showing results 1 — 15 out of 96 results