New results on boomerang and rectangle attacks

Eli Biham, Orr Dunkelman, Nathan Keller

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


The boomerang attack is a newand very powerful cryptanalytic technique. However, due to the adaptive chosen plaintext and ciphertext nature of the attack, boomerang key recovery attacks that retrieve key material on both sides of the boomerang distinguisher are hard to mount.We also present a method for using a boomerang distinguisher, which enables retrieving subkey bits on both sides of the boomerang distinguisher. The rectangle attack evolved from the boomerang attack.In this paper we present a new algorithm which improves the results of the rectangle attack. Using these improvements we can attack 3.5-round SC2000 with 267 adaptive chosen plaintexts and ciphertexts, and 10-round Serpent with time complexity of 2173.8 memory accesses (which are equivalent to 2165.3 Serpent encryptions) with data complexity of 2126.3 chosen plaintexts.

Original languageEnglish
Title of host publicationFast Software Encryption - 9th International Workshop, FSE 2002, Revised Papers
EditorsJoan Daemen, Vincent Rijmen
PublisherSpringer Verlag
Number of pages16
ISBN (Print)9783540440093
StatePublished - 2002
Externally publishedYes
Event9th International Workshop on Fast Software Encryption, FSE 2002 - Leuven, Belgium
Duration: 4 Feb 20026 Feb 2002

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference9th International Workshop on Fast Software Encryption, FSE 2002

Bibliographical note

Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 2002.

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'New results on boomerang and rectangle attacks'. Together they form a unique fingerprint.

Cite this