Improved related-tweakey boomerang attacks on deoxys-BC

Abstract

This paper improves previous distinguishers and key recovery attacks against Deoxys-BC that is a core primitive of the authenticated encryption scheme Deoxys, which is one of the remaining candidates in CAESAR. We observe that previous attacks by Cid et al.published from ToSC 2017 have a lot of room to be improved. By carefully optimizing attack procedures, we reduce the complexities of 8- and 9-round related-tweakey boomerang distinguishers against Deoxys-BC-256 to 228 and 298respectively, whereas the previous attacks require 274 and 2124respectively. The distinguishers are then extended to 9-round and 10-round boomerang key-recovery attacks with a complexity 2112 and 2170respectively, while the previous rectangle attacks require 2118 and 2204respectively. The optimization techniques used in this paper are conceptually not new, yet we believe that it is important to know how much the attacks are optimized by considering the details of the design.