Automatic Search of Rectangle Attacks on Feistel Ciphers: Application to WARP

In this paper we present a boomerang analysis of WARP, a recently proposed Generalized Feistel Network with extremely compact hardware implementations. We start by looking for boomerang characteristics that directly take into account the boomerang switch effects by showing how to adapt Delaune et al...

Full description

Saved in:
Bibliographic Details
Published inIACR Transactions on Symmetric Cryptology Vol. 2022; no. 2; pp. 113 - 140
Main Authors Lallemand, Virginie, Minier, Marine, Rouquette, Loïc
Format Journal Article
LanguageEnglish
Published Ruhr Universität Bochum 10.06.2022
Ruhr-Universität Bochum
Subjects
Artificial Intelligence
Boomerang attack
Computer Science
Cryptanalysis
Cryptography and Security
Feistel cipher
WARP
Feistel cipher
WARP
Cryptanalysis
Boomerang attack
Online AccessGet full text

Cover

Abstract In this paper we present a boomerang analysis of WARP, a recently proposed Generalized Feistel Network with extremely compact hardware implementations. We start by looking for boomerang characteristics that directly take into account the boomerang switch effects by showing how to adapt Delaune et al. automated tool to the case of Feistel ciphers, and discuss several improvements to keep the execution time reasonable. This technique returns a 23-round distinguisher of probability 2−124, which becomes the best distinguisher presented on WARP so far. We then look for an attack by adding the key recovery phase to our model and we obtain a 26-round rectangle attack with time and data complexities of 2115.9 and 2120.6 respectively, again resulting in the best result presented so far. Incidentally, our analysis discloses how an attacker can take advantage of the position of the key addition (put after the S-box application to avoid complementation properties), which in our case offers an improvement of a factor of 275 of the time complexity in comparison to a variant with the key addition positioned before. Note that our findings do not threaten the security of the cipher which iterates 41 rounds.
AbstractList In this paper we present a boomerang analysis of WARP, a recently proposed Generalized Feistel Network with extremely compact hardware implementations. We start by looking for boomerang characteristics that directly take into account the boomerang switch effects by showing how to adapt Delaune et al. automated tool to the case of Feistel ciphers, and discuss several improvements to keep the execution time reasonable. This technique returns a 23-round distinguisher of probability 2−124, which becomes the best distinguisher presented on WARP so far. We then look for an attack by adding the key recovery phase to our model and we obtain a 26-round rectangle attack with time and data complexities of 2115.9 and 2120.6 respectively, again resulting in the best result presented so far. Incidentally, our analysis discloses how an attacker can take advantage of the position of the key addition (put after the S-box application to avoid complementation properties), which in our case offers an improvement of a factor of 275 of the time complexity in comparison to a variant with the key addition positioned before. Note that our findings do not threaten the security of the cipher which iterates 41 rounds.
In this paper we present a boomerang analysis of WARP, a recently proposed Generalized Feistel Network with extremely compact hardware implementations. We start by looking for boomerang characteristics that directly take into account the boomerang switch effects by showing how to adapt Delaune et al. automated tool to the case of Feistel ciphers, and discuss several improvements to keep the execution time reasonable. This technique returns a 23-round distinguisher of probability 2^{−124}, which becomes the best distinguisher presented on WARP so far. We then look for an attack by adding the key recovery phase to our model and we obtain a 26-round rectangle attack with time and data complexities of 2^{115.9} and 2^{120.6} respectively, again resulting in the best result presented so far. Incidentally, our analysis discloses how an attacker can take advantage of the position of the key addition (put after the S-box application to avoid complementation properties), which in our case offers an improvement of a factor of 2^{75} of the time complexity in comparison to a variant with the key addition positioned before. Note that our findings do not threaten the security of the cipher which iterates 41 rounds.
Author Rouquette, Loïc
Lallemand, Virginie
Minier, Marine
Author_xml – sequence: 1
  givenname: Virginie
  surname: Lallemand
  fullname: Lallemand, Virginie
– sequence: 2
  givenname: Marine
  surname: Minier
  fullname: Minier, Marine
– sequence: 3
  givenname: Loïc
  surname: Rouquette
  fullname: Rouquette, Loïc
BackLink https://hal.science/hal-03760280$$DView record in HAL
BookMark eNqFkd9LHDEQx0OxoLX-CyWvfdhzMonZTfFlOWoVrrT4A_sWkmziRdfLkaSC_3337qRUX_o0w2Q-X8h8PpC9VVp5Qj4xmAl50snjmoqbPSEgziLOGOMNE_COHOAJUw1r-a-9f_p9clTKPQBgp7gU6oB873_X9GhqdPTKm-yWNAV66V01q7vR075W4x4KTSt65mOpfqTzuF76XL7Qfr0eo5vQ6bEmettf_vxI3gczFn_0Ug_JzdnX6_l5s_jx7WLeLxrHWQeNUNJ3CIINoTPcOgjKMgs4mK7jXgpmsUUYWPBWKVSSowxyCE5Zg1Yy4IfkYpc7JHOv1zk-mvysk4l6O0j5Tps8_Wn0uhUI3KoBUDkR3GCYNV0YWuMFFwrZlPV5l7U046uo836hNzPgrZwOBk-bXbnbdTmVkn34CzDQWx9640NvfeiIevKhJx8TePoGdLFuT1ezieP_8D-bLpQQ
CitedBy_id crossref_primary_10_1016_j_jisa_2024_103950
crossref_primary_10_1093_comjnl_bxad075
crossref_primary_10_1007_s10623_023_01226_4
ContentType Journal Article
Copyright Attribution
Copyright_xml – notice: Attribution
DBID AAYXX
CITATION
1XC
VOOES
DOA
DOI 10.46586/tosc.v2022.i2.113-140
DatabaseName CrossRef
Hyper Article en Ligne (HAL)
Hyper Article en Ligne (HAL) (Open Access)
DOAJ Directory of Open Access Journals
DatabaseTitle CrossRef
DatabaseTitleList
CrossRef
Database_xml – sequence: 1
  dbid: DOA
  name: DOAJ (Directory of Open Access Journals)
  url: https://www.doaj.org/
  sourceTypes: Open Website
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
EISSN 2519-173X
EndPage 140
ExternalDocumentID oai_doaj_org_article_74203b9d029c4fcda1ba8fd7ae434921
oai_HAL_hal_03760280v1
10_46586_tosc_v2022_i2_113_140
GroupedDBID AAYXX
ADBBV
ALMA_UNASSIGNED_HOLDINGS
BCNDV
CITATION
GROUPED_DOAJ
1XC
VOOES
ID FETCH-LOGICAL-c3180-496e82041df8a3bc0f9b1b02da883e641b2720d1feb99296326f6dfc9ba2b6103
IEDL.DBID DOA
ISSN 2519-173X
IngestDate Wed Aug 27 01:15:36 EDT 2025
Sat Jul 26 06:31:17 EDT 2025
Thu Apr 24 23:08:34 EDT 2025
Tue Jul 01 03:41:35 EDT 2025
IsDoiOpenAccess true
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Issue 2
Keywords Feistel cipher
WARP
Cryptanalysis
Boomerang attack
Language English
License http://creativecommons.org/licenses/by/4.0
Attribution: http://creativecommons.org/licenses/by
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c3180-496e82041df8a3bc0f9b1b02da883e641b2720d1feb99296326f6dfc9ba2b6103
ORCID 0000-0003-3252-2578
0009-0002-0242-2998
OpenAccessLink https://doaj.org/article/74203b9d029c4fcda1ba8fd7ae434921
PageCount 28
ParticipantIDs doaj_primary_oai_doaj_org_article_74203b9d029c4fcda1ba8fd7ae434921
hal_primary_oai_HAL_hal_03760280v1
crossref_primary_10_46586_tosc_v2022_i2_113_140
crossref_citationtrail_10_46586_tosc_v2022_i2_113_140
ProviderPackageCode CITATION
AAYXX
PublicationCentury 2000
PublicationDate 2022-06-10
PublicationDateYYYYMMDD 2022-06-10
PublicationDate_xml – month: 06
  year: 2022
  text: 2022-06-10
  day: 10
PublicationDecade 2020
PublicationTitle IACR Transactions on Symmetric Cryptology
PublicationYear 2022
Publisher Ruhr Universität Bochum
Ruhr-Universität Bochum
Publisher_xml – name: Ruhr Universität Bochum
– name: Ruhr-Universität Bochum
SSID ssj0002893649
Score 2.2209504
Snippet In this paper we present a boomerang analysis of WARP, a recently proposed Generalized Feistel Network with extremely compact hardware implementations. We...
SourceID doaj
hal
crossref
SourceType Open Website
Open Access Repository
Enrichment Source
Index Database
StartPage 113
SubjectTerms Artificial Intelligence
Boomerang attack
Computer Science
Cryptanalysis
Cryptography and Security
Feistel cipher
WARP
Title Automatic Search of Rectangle Attacks on Feistel Ciphers: Application to WARP
URI https://hal.science/hal-03760280
https://doaj.org/article/74203b9d029c4fcda1ba8fd7ae434921
Volume 2022
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
link http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwrV1LS8NAEF6kJy-iqFhfLOI17b4as95isRSxImKxt5B9aaU0YtP-fmeSttZTL16XbB4zG-b7dma_IeQ6eNxXEDIKAN0ilRgZGVhHkc1RW8R3pE7wNPLgKe4P1cOoM9po9YU1YbU8cG24NlA3Jo12TGirgnU5N3kS3E3uFQrrVcQHYt4Gmfqs02cyVro-EqwgysbtspjZ1gK4vmiNBbYyiTjueGxEo0q0H2LMx2pPtYoxvX2ytwSHNK1f6oDs-OkhGaTzsqiEVWldG0yLQAHtAap7n3ialiUek6fFlPY8-mxCu2PUCpjd0vQ3O03Lgr6lL89HZNi7f-32o2UThMjC78YipWMPUVpxF5JcGsuCNtww4fIkkT5W3GAm1fHgjQaoEwMcC7ELVptcGMBG8pg0psXUnxAqXCdwzzX4IVcAXIyy3AE8sSH2yt4kTdJZGSOzS4VwbFQxyYApVEbM0IhZZcRsLIA9SKAOrEna63lftUbG1hl3aOv11ahxXQ2A57Ol57Ntnm-SK_DUn3v008cMxxiW-oiELfjpfzzpjOziB2CFGGfnpFF-z_0FYJHSXFbL7gd3Ydlt
linkProvider Directory of Open Access Journals
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Automatic+Search+of+Rectangle+Attacks+on+Feistel+Ciphers%3A+Application+to+WARP&rft.jtitle=IACR+Transactions+on+Symmetric+Cryptology&rft.au=Lallemand%2C+Virginie&rft.au=Minier%2C+Marine&rft.au=Rouquette%2C+Lo%C3%AFc&rft.date=2022-06-10&rft.pub=Ruhr+Universit%C3%A4t+Bochum&rft.issn=2519-173X&rft.eissn=2519-173X&rft.volume=2022&rft.issue=2&rft.spage=113&rft.epage=140&rft_id=info:doi/10.46586%2Ftosc.v2022.i2.113-140&rft.externalDBID=HAS_PDF_LINK&rft.externalDocID=oai_HAL_hal_03760280v1
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=2519-173X&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=2519-173X&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=2519-173X&client=summon