Abstract

The boomerang attack is a cryptanalysis technique against block ciphers which combines two differentials for the upper part and the lower part of the cipher. The dependency between these two differentials then highly affects the complexity of the attack and all its variants. Recently, Cid et al. introduced at Eurocrypt’18 a new tool, called the Boomerang Connectivity Table (BCT) that permits to simplify this complexity analysis, by storing and unifying the different switching probabilities of the cipher’s Sbox in one table. In this seminal paper a brief analysis of the properties of these tables is provided and some open questions are raised. It is being asked in particular whether Sboxes with optimal BCTs exist for even dimensions, where optimal means that the maximal value in the BCT equals the lowest known differential uniformity. When the dimension is even and differs from 6, such optimal Sboxes correspond to permutations such that the maximal value in their DDT and in their BCT equals 4 (unless APN permutations for such dimensions exist). We provide in this work a more in-depth analysis of boomerang connectivity tables, by studying more closely differentially 4-uniform Sboxes. We first completely characterize the BCT of all differentially 4-uniform permutations of 4 bits and then study these objects for some cryptographically relevant families of Sboxes, as the inverse function and quadratic permutations. These two families provide us with the first examples of differentially 4-uniform Sboxes optimal against boomerang attacks for an even number of variables, answering the above open question.

Highlights

  • The boomerang attack, introduced by Wagner in 1999 [Wag99] is an important cryptanalysis technique against block ciphers

  • An open question raised in [CHP+18] is whether optimal differentially 4uniform Sboxes exist against boomerang attacks, where optimal means that the maximal value in the Boomerang Connectivity Table (BCT) is 4

  • In this paper we study the properties of BCTs, solve some of the problems raised in [CHP+18] and provide results for the BCTs of some important cryptographic families of Sboxes

Read more

Summary

Introduction

The boomerang attack, introduced by Wagner in 1999 [Wag99] is an important cryptanalysis technique against block ciphers. In [CHP+18] the authors proposed a new method for evaluating this probability in a more systematic way than by running experiments This approach consists in studying (2) for a single Sbox by a method which follows closely what is done for measuring the resistance of a cipher against differential cryptanalysis. The introduction of the Boomerang Connectivity Tables in [CHP+18] was accompanied by a preliminary analysis of their properties and especially of their link with the corresponding DDTs. The authors show notably that the maximum in the BCT, β, is at least equal to the differential uniformity of the Sbox. An open question raised in [CHP+18] is whether optimal differentially 4uniform Sboxes exist against boomerang attacks, where optimal means that the maximal value in the BCT is 4. The inverse function and the quadratic differentially 4-uniform power permutations for n ≡ 2 mod 4 provide us with the first examples of optimal non-APN functions against boomerang cryptanalysis

Preliminaries
Invariance under some equivalence relations
An alternative formulation
BCT tables for 4-bit permutations
Understanding the results
BCT of the inverse mapping over F2n
BCT of quadratic permutations with differential uniformity 4
Conclusion

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.