Improved (related-key) Attacks on Round-Reduced KATAN-32/48/64 Based on the Extended Boomerang Framework

  • Jiageng ChenEmail author
  • Je Sen TehEmail author
  • Chunhua Su
  • Azman Samsudin
  • Junbin Fang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9723)


The boomerang attack is one of the many extensions of the original differential attack. It has been widely applied to successfully attack many existing ciphers. In this paper, we investigate an extended version of the boomerang attack and show that it is still a very powerful tool especially in the related-key setting. A new branch-and-bound searching strategy which involves the extended boomerang framework is then introduced. We provide an improved cryptanalysis on the KATAN family (a family of hardware-oriented block ciphers proposed in CHES 2009) based on the boomerang attack. In the related-key setting, we were able to greatly improve upon the previous results to achieve the best results, namely 150 and 133 rounds by far for KATAN48/64 respectively. For KATAN32 in the related-key setting and all KATAN variants in the single-key setting, our results are the best ones in the differential setting although inferior to the meet-in-the-middle attack.


KATAN32/48/64 Related-key attack Boomerang attack Differential attack 



This work has been partly supported by the research funds of CCNU from colleges’ basic research and operation of MOE under grand No. CCNU16A05040, and Fundamental Research Grant Scheme (FRGS - 203/PKOMP/6711427) funded by the Ministry of Higher Education of Malaysia (MOHE). The authors would like to thank anonymous reviewers for their comments. A special mention is needed for Jiqiang Lu for all the help and suggestions to improve this paper.


  1. 1.
    Ahmadian, Z., Rasoolzadeh, S., Salmasizadeh, M., Aref, M.R.: Automated Dynamic Cube Attack on Block Ciphers: Cryptanalysis of SIMON and KATAN. IACR Cryptology ePrint Archive 2015 (2015)Google Scholar
  2. 2.
    Albrecht, M.R., Leander, G.: An all-in-one approach to differential cryptanalysis for small block ciphers. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 1–15. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  3. 3.
    Biham, E., Dunkelman, O., Keller, N.: New results on boomerang and rectangle attacks. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 1–16. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  4. 4.
    Biham, E., Dunkelman, O., Keller, N.: The rectangle attack - rectangling the serpent. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 340–357. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991)Google Scholar
  6. 6.
    Biryukov, A., Khovratovich, D.: Related-key cryptanalysis of the full AES-192 and AES-256. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 1–18. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  7. 7.
    Blondeau, C., Gérard, B.: Multiple differential cryptanalysis: theory and practice. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 35–54. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  8. 8.
    Blondeau, C., Nyberg, K.: New links between differential and linear cryptanalysis. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 388–404. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  9. 9.
    De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN — a family of small and efficient hardware-oriented block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  10. 10.
    Fuhr, T., Minaud, B.: Match box meet-in-the-middle attack against KATAN. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 61–81. Springer, Heidelberg (2015)Google Scholar
  11. 11.
    Isobe, T., Sasaki, Y., Chen, J.: Related-key boomerang attacks on KATAN32/48/64. In: Boyd, C., Simpson, L. (eds.) ACISP. LNCS, vol. 7959, pp. 268–285. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  12. 12.
    Isobe, T., Shibutani, K.: All subkeys recovery attack on block ciphers: extending meet-in-the-middle approach. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 202–221. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  13. 13.
    Isobe, T., Shibutani, K.: Improved all-subkeys recovery attacks on FOX, KATAN and SHACAL-2 block ciphers. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 104–126. Springer, Heidelberg (2015)Google Scholar
  14. 14.
    Kelsey, J., Kohno, T., Schneier, B.: Amplified boomerang attacks against reduced-round MARS and serpent. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 75–93. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    Knellwolf, S., Meier, W., Naya-Plasencia, M.: Conditional differential cryptanalysis of NLFSR-based cryptosystems. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 130–145. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  16. 16.
    Knellwolf, S., Meier, W., Naya-Plasencia, M.: Conditional differential cryptanalysis of trivium and KATAN. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 200–212. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  17. 17.
    Lu, J., Kim, J.-S., Keller, N., Dunkelman, O.: Differential and rectangle attacks on reduced-round SHACAL-1. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 17–31. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  18. 18.
    Lu, J., Kim, J.-S., Keller, N., Dunkelman, O.: Related-key rectangle attack on 42-round SHACAL-2. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 85–100. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  19. 19.
    Matsui, M.: On correlation between the order of S-Boxes and the strength of DES. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 366–375. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  20. 20.
    Rasoolzadeh, S., Raddum, H.: Improved Multi-Dimensional Meet-in-the-Middle Cryptanalysis of KATAN. IACR Cryptology ePrint Archive 2016 (2016)Google Scholar
  21. 21.
    Sun, B., Liu, Z., Rijmen, V., Li, R., Cheng, L., Wang, Q., Alkhzaimi, H., Li, C.: Links among impossible differential, integral and zero correlation linear cryptanalysis. In: Gennaro, R., Robshaw, M. (eds.) Advances in Cryptology-CRYPTO 2015. LNCS, vol. 9215, pp. 95–115. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  22. 22.
    Wagner, D.: The boomerang attack. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 156–170. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  23. 23.
    Wei, L., Rechberger, C., Guo, J., Wu, H., Wang, H., Ling, S.: Improved meet-in-the-middle cryptanalysis of KTANTAN (Poster). In: Parampalli, U., Hawkes, P. (eds.) ACISP 2011. LNCS, vol. 6812, pp. 433–438. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  24. 24.
    Zhu, B., Gong, G.: Multidimensional meet-in-the-middle attack and its applications to KATAN32/48/64. Crypt. Commun. 6, 313–333 (2014)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Computer SchoolCentral China Normal UniversityWuhanChina
  2. 2.School of Computer SciencesUniversiti Sains MalaysiaGeorge TownMalaysia
  3. 3.School of Information ScienceJapan Advanced Institute of Science and TechnologyNomiJapan
  4. 4.Department of Optoelectronic EngineeringJinan UniversityGuangzhouChina

Personalised recommendations