Analysis of Boomerang Differential Trails via a SAT-Based Constraint Solver URSA [chapter]

Aleksandar Kircanski
2015 Lecture Notes in Computer Science  
In order to obtain differential patterns over many rounds of a cryptographic primitive, the cryptanalyst often needs to work on local differential trail analysis. Examples include merging two differential trail parts into one or, in the case of boomerang and rectangle attacks, connecting two short trails within the quartet boomerang setting. In the latter case, as shown by Murphy in 2011, caution should be exercised as there is an increased chance of running into contradictions in the middle of the primitive. In this paper, we propose the use of a SAT-based constraint solver URSA as an aid in the analysis of differential trails and find that previous rectangle/boomerang attacks on the XTEA and SHACAL-1 block ciphers and the SM3 hash function are based on incompatible trails. Given the C specification of the cryptographic primitive, verifying differential trail portions requires minimal work on the side of the cryptanalyst.
doi:10.1007/978-3-319-28166-7_16 fatcat:ltcgqqdqjjb3pgbxiqb4aqrwey