Verder naar navigatie Doorgaan naar hoofdinhoud Ga naar de voettekst

Analysis of Boomerang Differential Trials via a SAT-Based Constraint Solver URSA

Analysis of Boomerang Differential Trails via a SAT-Based Constraint Solver URSA

Paper to be presented at ACNS 2015.

Abstract

Obtaining differential patterns over many rounds of a cryptographic primitive often requires working on local differential trail analysis. In the case of boomerang and rectangle attacks, merging two short differential trails into one long differential pattern is required. It was previously shown by Murphy that caution should be exercised as there is increased chance of running into contradictions in the middle rounds of the primitive.

In this paper, we propose the use of a SAT-based constraint solver URSA as aid in analysis of differential trails and find that previous rectangle/boomerang attacks on XTEA, SHACAL-1 and SM3 primitives are based on incompatible trails. Given the C specification of the cryptographic primitive, verifying differential trail portions requires minimal work on the side of the cryptanalyst.

 

Download whitepaper