Abstract

This work investigates a generic way of combining two very effective and well-studied cryptanalytic tools, proposed almost 18 years apart, namely the boomerang attack introduced by Wagner in FSE 1999 and the yoyo attack by Ronjom et al. in Asiacrypt 2017. In doing so, the s-box switch and ladder switch techniques are leveraged to embed a yoyo trail inside a boomerang trail. As an immediate application, a 6-round key recovery attack on AES-128 is mounted with time complexity of $2^{78}$. A 10-round key recovery attack on the recently introduced AES-based tweakable block cipher Pholkos is also furnished to demonstrate the applicability of the new technique on AES-like constructions. The results on AES are experimentally verified by applying and implementing them on a small-scale variant of AES. We provide arguments that draw a relation between the proposed strategy and the retracing boomerang attack devised in Eurocrypt 2020. To the best of our knowledge, this is the first attempt to merge the yoyo and boomerang techniques to analyze SPN ciphers and warrants further attention as it has the potential of becoming an important cryptanalysis tool.

Highlights

  • Cryptanalysis is one of the most important ways of determining the strength of a cryptosystem.

  • Some of the prominent candidates of this class are the boomerang attack [Wag99], amplified boomerang attack [KKS01], impossible differential attack [BBS99], and rebound attack [MRST09]. These techniques have been widely applied to several ciphers, such as the rectangle attack on Serpent [BDK01, BDK02], Kasumi [BDK05]; impossible differential attacks on AES [LDKK08, ZWF07, BDK06], CLEFIA, Camellia, LBlock, Simon, ARIA [WZF07, WZZ09, BNPS14, BMNPS14], Rijndael-160 and Rijndael-224 [Min17], rebound attack on Whirlpool and Grøstl [MRST09, MRST10], Keccak [DGPW12] and boomerang attack on AES in single-key setting [Bir05] and in the

Licensed under Creative Commons License CC-BY 4.0

  • Another interesting cryptanalytic technique that is structurally similar to boomerang is the yoyo game, which was introduced by Biham et al. to analyze Skipjack [BBD+98].


Summary

Introduction

Cryptanalysis is one of the most important ways of determining the strength of a cryptosystem. The dependency can either lead to an incompatibility as shown by Murphy [Mur11] or can be exploited to improve the number of rounds as shown later by the idea of s-box switch, ladder switch [BKN09, BK09] and further generalized by the sandwich attack [DKS10, DKS14]. This leads to the introduction of new tools like the boomerang connectivity table (BCT) [CHP+18], Feistel BCT [BHL+20] and the boomerang. Another interesting cryptanalytic technique that is structurally similar to boomerang (though it does not divide the cipher into sub-ciphers) is the yoyo game, which was introduced by Biham et al. to analyze Skipjack [BBD+98]. The price we pay is the construction of a truncated differential trail superimposed on the yoyo which behaves like the upper trail of the boomerang. This is the motivation for using the term embedding while visualizing this setting. In Appendix C, the key recovery attacks on 5-round and 6-round AES-128 are extended to recover the key of a variant of AES with key size of 256 bits.

Preliminaries
AES: The Advanced Encryption Standard
Boomerang Attack
Yoyo Attack
Signal-to-Noise Ratio
Boomeyong Attacks on AES
Distinguishing and Key Recovery Attacks on 5-round AES
Key Recovery Attack on 6-round AES
Result
Experimental Verification on 64-bit AES
Boomeyong Attack on Pholkos
Specification of Pholkos
Key Recovery Attack on 10-round Pholkos
Relation with Retracing Boomerang Attack
Conclusion
A Example Related to Lemma 2
B Sample Trail for 5-round AES-128
C Attacks on AES-256
Initialize a pholkos state δ by setting all bytes to 0