On the Feistel Counterpart of the Boomerang Connectivity Table

Introduction and Analysis of the FBCT

Authors

  • Hamid Boukerrou Université de Lorraine, CNRS, Inria, LORIA, F-54000 Nancy, France
  • Paul Huynh Université de Lorraine, CNRS, Inria, LORIA, F-54000 Nancy, France
  • Virginie Lallemand Université de Lorraine, CNRS, Inria, LORIA, F-54000 Nancy, France
  • Bimal Mandal Université de Lorraine, CNRS, Inria, LORIA, F-54000 Nancy, France
  • Marine Minier Université de Lorraine, CNRS, Inria, LORIA, F-54000 Nancy, France

DOI:

https://doi.org/10.13154/tosc.v2020.i1.331-362

Keywords:

Cryptanalysis, Feistel cipher, Boomerang attack, Boomerang switch

Abstract

At Eurocrypt 2018, Cid et al. introduced the Boomerang Connectivity Table (BCT), a tool to compute the probability of the middle round of a boomerang distinguisher from the description of the cipher’s Sbox(es). Their new table and the following works led to a refined understanding of boomerangs, and resulted in a series of improved attacks. Still, these works only addressed the case of Substitution Permutation Networks, and completely left out the case of ciphers following a Feistel construction. In this article, we address this lack by introducing the FBCT, the Feistel counterpart of the BCT. We show that the coefficient at row Δi, ∇o corresponds to the number of times the second order derivative at points Δi, ∇o) cancels out. We explore the properties of the FBCT and compare it to what is known on the BCT. Taking matters further, we show how to compute the probability of a boomerang switch over multiple rounds with a generic formula.

Downloads

Published

2020-05-07

Issue

Section

Articles

How to Cite

On the Feistel Counterpart of the Boomerang Connectivity Table: Introduction and Analysis of the FBCT. (2020). IACR Transactions on Symmetric Cryptology, 2020(1), 331-362. https://doi.org/10.13154/tosc.v2020.i1.331-362