Advances in Cryptology – EUROCRYPT 2005

Volume 3494 of the series Lecture Notes in Computer Science pp 507-525

Related-Key Boomerang and Rectangle Attacks

  • Eli BihamAffiliated withComputer Science Department, Technion
  • , Orr DunkelmanAffiliated withComputer Science Department, Technion
  • , Nathan KellerAffiliated withEinstein Institute of Mathematics, Hebrew University


The boomerang attack and the rectangle attack are two attacks that utilize differential cryptanalysis in a larger construction. Both attacks treat the cipher as a cascade of two sub-ciphers, where there exists a good differential for each sub-cipher, but not for the entire cipher. In this paper we combine the boomerang (and the rectangle) attack with related-key differentials.

The new combination is applicable to many ciphers, and we demonstrate its strength by introducing attacks on reduced-round versions of AES and IDEA. The attack on 192-bit key 9-round AES uses 256 different related keys. The 6.5-round attack on IDEA uses four related keys (and has time complexity of 288.1 encryptions). We also apply these techniques to COCONUT98 to obtain a distinguisher that requires only four related-key adaptive chosen plaintexts and ciphertexts. For these ciphers, our results attack larger number of rounds or have smaller complexities then all previously known attacks.