On the Feistel Counterpart of the Boomerang Connectivity Table

Introduction and Analysis of the FBCT

  • Hamid Boukerrou Université de Lorraine, CNRS, Inria, LORIA, F-54000 Nancy, France
  • Paul Huynh Université de Lorraine, CNRS, Inria, LORIA, F-54000 Nancy, France
  • Virginie Lallemand Université de Lorraine, CNRS, Inria, LORIA, F-54000 Nancy, France
  • Bimal Mandal Université de Lorraine, CNRS, Inria, LORIA, F-54000 Nancy, France
  • Marine Minier Université de Lorraine, CNRS, Inria, LORIA, F-54000 Nancy, France
Keywords: Cryptanalysis, Feistel cipher, Boomerang attack, Boomerang switch

Abstract

At Eurocrypt 2018, Cid et al. introduced the Boomerang Connectivity Table (BCT), a tool to compute the probability of the middle round of a boomerang distinguisher from the description of the cipher’s Sbox(es). Their new table and the following works led to a refined understanding of boomerangs, and resulted in a series of improved attacks. Still, these works only addressed the case of Substitution Permutation Networks, and completely left out the case of ciphers following a Feistel construction. In this article, we address this lack by introducing the FBCT, the Feistel counterpart of the BCT. We show that the coefficient at row Δi, ∇o corresponds to the number of times the second order derivative at points Δi, ∇o) cancels out. We explore the properties of the FBCT and compare it to what is known on the BCT. Taking matters further, we show how to compute the probability of a boomerang switch over multiple rounds with a generic formula.

Published
2020-05-07
How to Cite
Boukerrou, H., Huynh, P., Lallemand, V., Mandal, B., & Minier, M. (2020). On the Feistel Counterpart of the Boomerang Connectivity Table: Introduction and Analysis of the FBCT. IACR Transactions on Symmetric Cryptology, 2020(1), 331-362. https://doi.org/10.13154/tosc.v2020.i1.331-362
Section
Articles