Automatic Search of Rectangle Attacks on Feistel Ciphers: Application to WARP

Authors

  • Virginie Lallemand, Université de Lorraine, CNRS, Inria, LORIA, Nancy, France
  • Marine Minier, Université de Lorraine, CNRS, Inria, LORIA, Nancy, France
  • Loïc Rouquette, CITI, INRIA, INSA Lyon, Villeurbanne, France; LIRIS, UMR5201 CNRS, Villeurbanne, France

DOI:

https://doi.org/10.46586/tosc.v2022.i2.113-140

Keywords:

Cryptanalysis, Feistel cipher, Boomerang attack, WARP

Abstract

In this paper we present a boomerang analysis of WARP, a recently proposed Generalized Feistel Network with extremely compact hardware implementations. We start by looking for boomerang characteristics that directly take into account the boomerang switch effects by showing how to adapt Delaune et al.'s automated tool to the case of Feistel ciphers, and discuss several improvements to keep the execution time reasonable. This technique returns a 23-round distinguisher of probability $2^{-124}$, which becomes the best distinguisher presented on WARP so far. We then look for an attack by adding the key recovery phase to our model and we obtain a 26-round rectangle attack with time and data complexities of $2^{115.9}$ and $2^{120.6}$ respectively, again resulting in the best result presented so far. Incidentally, our analysis discloses how an attacker can take advantage of the position of the key addition (put after the S-box application to avoid complementation properties), which in our case offers an improvement of a factor of $2^{75}$ of the time complexity in comparison to a variant with the key addition positioned before. Note that our findings do not threaten the security of the cipher, which iterates 41 rounds.

Published

2022-06-10

Section

Articles

How to Cite

Automatic Search of Rectangle Attacks on Feistel Ciphers: Application to WARP. (2022). IACR Transactions on Symmetric Cryptology, 2022(2), 113-140. https://doi.org/10.46586/tosc.v2022.i2.113-140