Related-key boomerang and rectangle attacks

Eli Biham, Orr Dunkelman, Nathan Keller

Research output: Contribution to journalConference articlepeer-review


The boomerang attack and the rectangle attack are two attacks that utilize differential cryptanalysis in a larger construction. Both attacks treat the cipher as a cascade of two sub-ciphers, where there exists a good differential for each sub-cipher, but not for the entire cipher. In this paper we combine the boomerang (and the rectangle) attack with related-key differentials. The new combination is applicable to many ciphers, and we demon-strate its strength by introducing attacks on reduced-round versions of AES and IDEA. The attack on 192-bit key 9-round AES uses 256 different related keys. The 6.5-round attack on IDEA uses four related keys (and has time complexity of 288.1 encryptions). We also apply these techniques to COCONUT98 to obtain a distinguisher that requires only four related-key adaptive chosen plaintexts and ciphertexts. For these ciphers, our results attack larger number of rounds or have smaller complexities then all previously known attacks.

Original languageEnglish
Pages (from-to)507-525
Number of pages19
JournalLecture Notes in Computer Science
StatePublished - 2005
Externally publishedYes
Event24th Annual International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology - EUROCRYPT 2005 - Aarhus, Denmark
Duration: 22 May 200526 May 2005

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Related-key boomerang and rectangle attacks'. Together they form a unique fingerprint.

Cite this