International Association for Cryptologic Research


A generic algorithm for efficient key recovery in differential attacks – and its associated tool

Christina Boura, University of Versailles, France
Nicolas David, Inria, France
Patrick Derbez, Univ Rennes, Inria, CNRS, IRISA, France
Rachelle Heim Boissier, University of Versailles, France
María Naya-Plasencia, Inria, France
Conference: EUROCRYPT 2024
Abstract: Differential cryptanalysis is an old and powerful attack against block ciphers. While different techniques have been introduced throughout the years to improve the complexity of this attack, the key recovery phase remains a tedious and error-prone procedure. In this work, we propose a new algorithm and its associated tool that permits, given a distinguisher, to output an efficient key guessing strategy. Our tool can be applied to SPN ciphers whose linear layer consists of a bit-permutation and whose key schedule is linear or almost linear. It can be used not only to help cryptanalysts find the best differential attack on a given cipher but also to assist designers in their security analysis. We applied our tool to four targets: RECTANGLE, PRESENT-80, SPEEDY-7-192 and GIFT-64. We extend the previous best attack on RECTANGLE-128 by one round and the previous best differential attack against PRESENT-80 by 2 rounds. We improve a previous key recovery step in an attack against SPEEDY and present more efficient key recovery strategies for RECTANGLE-80 and GIFT. Our tool outputs the results in only a second for most targets