On the Pseudorandomness of Top-Level Schemes of Block Ciphers
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Impossible Differential Cryptanalysis of CLEFIA
Fast Software Encryption
An Improved Impossible Differential Attack on MISTY1
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Analysis of the SMS4 block cipher
ACISP'07 Proceedings of the 12th Australasian conference on Information security and privacy
Attacking reduced-round versions of the SMS4 block cipher in the Chinese WAPI standard
ICICS'07 Proceedings of the 9th international conference on Information and communications security
A related-key rectangle attack on the full KASUMI
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
New insights on impossible differential cryptanalysis
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
On permutation layer of type 1, source-heavy, and target-heavy generalized feistel structures
CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
Generalized Feistel networks revisited
Designs, Codes and Cryptography
A unified method for finding impossible differentials of block cipher structures
Information Sciences: an International Journal
Linear hulls with correlation zero and linear cryptanalysis of block ciphers
Designs, Codes and Cryptography
Hi-index | 0.00 |
Impossible boomerang attack [5] (IBA) is a new variant of differential cryptanalysis against block ciphers. Evident from its name, it combines the ideas of both impossible differential cryptanalysis and boomerang attack. Though such an attack might not be the best attack available, its complexity is still less than that of the exhaustive search. In impossible boomerang attack, impossible boomerang distinguishers are used to retrieve some of the subkeys. Thus the security of a block cipher against IBA can be evaluated by impossible boomerang distinguishers. In this paper, we study the impossible boomerang distinguishers for block cipher structures whose round functions are bijective. Inspired by the $\mathcal{U}$-method in [3], we provide an algorithm to compute the maximum length of impossible boomerang distinguishers for general block cipher structures, and apply the algorithm to known block cipher structures such as Nyberg's generalized Feistel network, a generalized CAST256-like structure, a generalized MARS-like structure, a generalized RC6-like structure, etc.