CryptoDB
Mix-Basis Geometric Approach to Boomerang Distinguishers
Authors: | Chengcheng Chang, Hosein Hadipour, Kai Hu, Muzhou Li, Meiqin Wang |
---|---|
Abstract: | Differential cryptanalysis relies on assumptions like Markov ciphers and the hypothesis of stochastic equivalence. The probability of a differential characteristic estimated by classical methods is the key-averaged probability under the two assumptions. However, the real probability can vary significantly between keys. Hence, tools for differential cryptanalysis in the fixed-key model are desirable. Recently, Beyne and Rijmen applied the geometric approach to differential cryptanalysis and proposed a systematic framework called quasi-differential (CRYPTO 2022). As a variant of differential cryptanalysis, boomerang attacks rely on similar assumptions, so it is important to study their probability in the fixed-key model as well. A direct extension of the quasi-differential for boomerang attacks leads to the quasi-3-differential framework (IEEE-IT 2024). However, such a straightforward approach is difficult in practical applications as there are too many quasi-3-differential trails. We tackle this problem by applying the mix-basis style geometric approach (CRYPTO 2025) to the boomerang attacks and construct the quasi-boomerang framework. By choosing a suitable pair of bases, the boomerang probability can be computed by summing correlations of quasi-boomerang characteristics. The transition matrix of the key-XOR operation is also a diagonal matrix; thus, the influence of keys can be analyzed in a similar way to the quasi-differential framework. We apply the quasi-boomerang framework to SKINNY-64 and GIFT-64. For SKINNY-64, we check and confirm 4 boomerang distinguishers with high probability (2 with probability 1 and 2 with probability $2^{-4}$) generated from Hadipour, Bagheri, and Song’s tool (ToSC 2021/1), through the analysis of key dependencies and the probability calculation from quasi-boomerang characteristics. We also propose a divide-and-conquer approach following the sandwich framework for boomerangs with small probability or long rounds to apply the quasi-boomerang framework. After checking 2/1 boomerang distinguisher(s) of SKINNY-64/GIFT-64, we find that the previously considered invalid 19-round distinguisher of GIFT-64 is valid. In addition, as a contribution of independent interest, we revisit Boura, Derbez, and Germon’s work by extending the quasi-differential framework to the related-key scenario (ToSC 2025/1), and show an alternative way to derive the same formulas in their paper by regarding the key-XOR as a normal cipher component. |
BibTeX
@article{tosc-2025-36296,
  title={Mix-Basis Geometric Approach to Boomerang Distinguishers},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={2025},
  pages={693-728},
  url={https://tosc.iacr.org/index.php/ToSC/article/view/12483},
  doi={10.46586/tosc.v2025.i3.693-728},
  author={Chengcheng Chang and Hosein Hadipour and Kai Hu and Muzhou Li and Meiqin Wang},
  year=2025
}