On the Feistel Counterpart of the Boomerang Connectivity Table: Introduction and Analysis of the FBCT

Hamid Boukerrou; Paul Huynh; Virginie Lallemand; Bimal  Mandal; Marine Minier

doi:10.13154/tosc.v2020.i1.331-362

Authors

Hamid Boukerrou Université de Lorraine, CNRS, Inria, LORIA, F-54000 Nancy, France
Paul Huynh Université de Lorraine, CNRS, Inria, LORIA, F-54000 Nancy, France
Virginie Lallemand Université de Lorraine, CNRS, Inria, LORIA, F-54000 Nancy, France
Bimal Mandal Université de Lorraine, CNRS, Inria, LORIA, F-54000 Nancy, France
Marine Minier Université de Lorraine, CNRS, Inria, LORIA, F-54000 Nancy, France

DOI:

https://doi.org/10.13154/tosc.v2020.i1.331-362

Keywords:

Cryptanalysis, Feistel cipher, Boomerang attack, Boomerang switch

Abstract

At Eurocrypt 2018, Cid et al. introduced the Boomerang Connectivity Table (BCT), a tool to compute the probability of the middle round of a boomerang distinguisher from the description of the cipher’s Sbox(es). Their new table and the following works led to a refined understanding of boomerangs, and resulted in a series of improved attacks. Still, these works only addressed the case of Substitution Permutation Networks, and completely left out the case of ciphers following a Feistel construction. In this article, we address this lack by introducing the FBCT, the Feistel counterpart of the BCT. We show that the coefficient at row Δ_i, ∇_o corresponds to the number of times the second order derivative at points Δ_i, ∇_o) cancels out. We explore the properties of the FBCT and compare it to what is known on the BCT. Taking matters further, we show how to compute the probability of a boomerang switch over multiple rounds with a generic formula.

On the Feistel Counterpart of the Boomerang Connectivity Table

Introduction and Analysis of the FBCT

Authors

DOI:

Keywords:

Abstract

Downloads

Published

Issue

Section

License

How to Cite

iacr-logo