{"id":"https://openalex.org/W4400644848","doi":"https://doi.org/10.1007/s00145-024-09512-7","title":"The Retracing Boomerang Attack, with Application to Reduced-Round AES","display_name":"The Retracing Boomerang Attack, with Application to Reduced-Round AES","publication_year":2024,"publication_date":"2024-07-01","ids":{"openalex":"https://openalex.org/W4400644848","doi":"https://doi.org/10.1007/s00145-024-09512-7"},"language":"en","primary_location":{"id":"doi:10.1007/s00145-024-09512-7","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s00145-024-09512-7","pdf_url":"https://link.springer.com/content/pdf/10.1007/s00145-024-09512-7.pdf","source":{"id":"https://openalex.org/S190936789","display_name":"Journal of Cryptology","issn_l":"0933-2790","issn":["0933-2790","1432-1378"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cryptology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s00145-024-09512-7.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5065467078","display_name":"Orr Dunkelman","orcid":"https://orcid.org/0000-0001-5799-2635"},"institutions":[{"id":"https://openalex.org/I91203450","display_name":"University of Haifa","ror":"https://ror.org/02f009v59","country_code":"IL","type":"education","lineage":["https://openalex.org/I91203450"]}],"countries":["IL"],"is_corresponding":true,"raw_author_name":"Orr Dunkelman","raw_affiliation_strings":["Computer Science Department, University of Haifa, Haifa, Israel"],"affiliations":[{"raw_affiliation_string":"Computer Science Department, University of Haifa, Haifa, Israel","institution_ids":["https://openalex.org/I91203450"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114500405","display_name":"Nathan Keller","orcid":"https://orcid.org/0000-0002-1591-9840"},"institutions":[{"id":"https://openalex.org/I13955877","display_name":"Bar-Ilan University","ror":"https://ror.org/03kgsv495","country_code":"IL","type":"education","lineage":["https://openalex.org/I13955877"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Nathan Keller","raw_affiliation_strings":["Department of Mathematics, Bar-Ilan University, Ramat Gan, Israel"],"affiliations":[{"raw_affiliation_string":"Department of Mathematics, Bar-Ilan University, Ramat Gan, Israel","institution_ids":["https://openalex.org/I13955877"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5000713291","display_name":"Eyal Ronen","orcid":"https://orcid.org/0000-0002-6013-7426"},"institutions":[{"id":"https://openalex.org/I16391192","display_name":"Tel Aviv University","ror":"https://ror.org/04mhzgx49","country_code":"IL","type":"education","lineage":["https://openalex.org/I16391192"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Eyal Ronen","raw_affiliation_strings":["School of Computer Science, Tel Aviv University, Tel Aviv, Israel"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, Tel Aviv University, Tel Aviv, Israel","institution_ids":["https://openalex.org/I16391192"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5009126679","display_name":"Adi Shamir","orcid":"https://orcid.org/0000-0002-5422-905X"},"institutions":[{"id":"https://openalex.org/I53964585","display_name":"Weizmann Institute of Science","ror":"https://ror.org/0316ej306","country_code":"IL","type":"education","lineage":["https://openalex.org/I53964585"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Adi Shamir","raw_affiliation_strings":["Faculty of Mathematics and Computer Science, Weizmann Institute of Science, Rehovot, Israel"],"affiliations":[{"raw_affiliation_string":"Faculty of Mathematics and Computer Science, Weizmann Institute of Science, Rehovot, Israel","institution_ids":["https://openalex.org/I53964585"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5065467078"],"corresponding_institution_ids":["https://openalex.org/I91203450"],"apc_list":{"value":2290,"currency":"EUR","value_usd":2890},"apc_paid":{"value":2290,"currency":"EUR","value_usd":2890},"fwci":0.7088,"has_fulltext":true,"cited_by_count":2,"citation_normalized_percentile":{"value":0.74722951,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":96},"biblio":{"volume":"37","issue":"3","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.994700014591217,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11017","display_name":"Chaos-based Image/Signal Encryption","score":0.9939000010490417,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.6970041990280151},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5961668491363525},{"id":"https://openalex.org/keywords/differential-privacy","display_name":"Differential privacy","score":0.4139104187488556},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.34731096029281616}],"concepts":[{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.6970041990280151},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5961668491363525},{"id":"https://openalex.org/C23130292","wikidata":"https://www.wikidata.org/wiki/Q5275358","display_name":"Differential privacy","level":2,"score":0.4139104187488556},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.34731096029281616}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/s00145-024-09512-7","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s00145-024-09512-7","pdf_url":"https://link.springer.com/content/pdf/10.1007/s00145-024-09512-7.pdf","source":{"id":"https://openalex.org/S190936789","display_name":"Journal of Cryptology","issn_l":"0933-2790","issn":["0933-2790","1432-1378"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cryptology","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1007/s00145-024-09512-7","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s00145-024-09512-7","pdf_url":"https://link.springer.com/content/pdf/10.1007/s00145-024-09512-7.pdf","source":{"id":"https://openalex.org/S190936789","display_name":"Journal of Cryptology","issn_l":"0933-2790","issn":["0933-2790","1432-1378"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cryptology","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320323387","display_name":"University of Haifa","ror":"https://ror.org/02f009v59"},{"id":"https://openalex.org/F4320335863","display_name":"Center for Research in Applied Cryptography and Cyber Security, Bar-Ilan University","ror":null}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4400644848.pdf","grobid_xml":"https://content.openalex.org/works/W4400644848.grobid-xml"},"referenced_works_count":43,"referenced_works":["https://openalex.org/W52191336","https://openalex.org/W1493204363","https://openalex.org/W1515958737","https://openalex.org/W1518406241","https://openalex.org/W1538476572","https://openalex.org/W1540066842","https://openalex.org/W1572300106","https://openalex.org/W1587120902","https://openalex.org/W1597699498","https://openalex.org/W1629301835","https://openalex.org/W1870015754","https://openalex.org/W1871986277","https://openalex.org/W1964723977","https://openalex.org/W1965570021","https://openalex.org/W1994591449","https://openalex.org/W2100510009","https://openalex.org/W2145038746","https://openalex.org/W2157803851","https://openalex.org/W2182100776","https://openalex.org/W2234576048","https://openalex.org/W2252401345","https://openalex.org/W2395664524","https://openalex.org/W2479257632","https://openalex.org/W2610935322","https://openalex.org/W2749290289","https://openalex.org/W2769426629","https://openalex.org/W2791488703","https://openalex.org/W2794069903","https://openalex.org/W2794557845","https://openalex.org/W2795355075","https://openalex.org/W2883079933","https://openalex.org/W2884742479","https://openalex.org/W2900658357","https://openalex.org/W2982416332","https://openalex.org/W2999106493","https://openalex.org/W3029679304","https://openalex.org/W3037810589","https://openalex.org/W3037997309","https://openalex.org/W3199406320","https://openalex.org/W4243092246","https://openalex.org/W4245610589","https://openalex.org/W4250739989","https://openalex.org/W4365806856"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W3038283795","https://openalex.org/W2604501336","https://openalex.org/W2734500670","https://openalex.org/W2558166297","https://openalex.org/W2315671126","https://openalex.org/W798507144","https://openalex.org/W2964481303","https://openalex.org/W1751413323"],"abstract_inverted_index":{"Abstract":[0],"Boomerang":[1],"attacks":[2,7,78,298],"are":[3,276],"extensions":[4],"of":[5,18,24,37,60,76,84,88,119,140,175,185,190,199,250,259],"differential":[6,16],"that":[8,156],"make":[9,154],"it":[10,181,222],"possible":[11],"to":[12,64,93,123,182,226,254,285],"combine":[13],"two":[14,300],"unrelated":[15],"properties":[17,62],"the":[19,38,61,81,89,100,111,117,120,137,141,157,162,173,176,183,248,255,304,308],"first":[20],"and":[21,30,135,168,239,299,307],"second":[22],"part":[23],"a":[25,33,73,108,148,196,279,293],"cryptosystem":[26,40],"with":[27,41,240],"probabilities":[28],"p":[29],"q":[31],"into":[32],"new":[34,74,177,242,290],"differential-like":[35],"property":[36,122],"whole":[39],"probability":[42,118],"$$p^2q^2$$":[43],"<mml:math":[44,125,212,228,261],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\">":[45,126,213,229,262],"<mml:mrow>":[46,127,265],"<mml:msup>":[47,51,128,214,230,263],"<mml:mi>p</mml:mi>":[48,129],"<mml:mn>2</mml:mn>":[49,53,130,215,231,264],"</mml:msup>":[50,54,131,217,233,268],"<mml:mi>q</mml:mi>":[52,132],"</mml:mrow>":[55,133,267],"</mml:math>":[56,134,218,234,269],"(since":[57],"each":[58],"one":[59],"has":[63],"be":[65],"satisfied":[66],"twice).":[67],"In":[68,103,283],"this":[69,106,146],"paper,":[70],"we":[71,153,159,179,244],"describe":[72],"version":[75,189],"boomerang":[77,150,158,297],"which":[79,115],"uses":[80],"counterintuitive":[82],"idea":[83],"throwing":[85],"out":[86],"most":[87],"data":[90],"in":[91],"order":[92],"force":[94],"equalities":[95],"between":[96,110,296],"certain":[97,104],"values":[98],"on":[99,165],"ciphertext":[101],"side.":[102],"cases,":[105],"creates":[107],"correlation":[109],"four":[112],"probabilistic":[113],"events,":[114],"increases":[116,136],"combined":[121],"$$p^2q$$":[124],"signal-to-noise":[138],"ratio":[139],"resultant":[142],"distinguisher.":[143],"We":[144],"call":[145],"variant":[147],"retracing":[149],"attack":[151],"since":[152],"sure":[155],"throw":[160],"follows":[161],"same":[163],"path":[164],"its":[166,205],"forward":[167],"backward":[169],"directions.":[170],"To":[171],"demonstrate":[172],"power":[174],"technique,":[178,243],"apply":[180],"case":[184],"5-round":[186],"AES.":[187],"This":[188],"AES":[191],"was":[192,223],"repeatedly":[193],"attacked":[194],"by":[195],"large":[197],"variety":[198],"techniques,":[200,303],"but":[201],"for":[202,278],"twenty":[203],"years":[204],"complexity":[206,249],"had":[207],"remained":[208],"stuck":[209],"at":[210],"$$2^{32}$$":[211],"<mml:mn>32</mml:mn>":[216],".":[219],"At":[220],"Crypto\u201918,":[221],"finally":[224],"reduced":[225],"$$2^{24}$$":[227],"<mml:mn>24</mml:mn>":[232],"(for":[235],"full":[236,251,280],"key":[237,252,281],"recovery),":[238],"our":[241,289],"can":[245],"further":[246],"reduce":[247],"recovery":[253],"surprisingly":[256],"low":[257],"value":[258],"$$2^{16.5}$$":[260],"<mml:mn>16.5</mml:mn>":[266],"(i.e.,":[270],"only":[271],"90,":[272],"000":[273],"encryption/decryption":[274],"operations":[275],"required":[277],"recovery).":[282],"addition":[284],"improving":[286],"previous":[287],"attacks,":[288],"technique":[291],"unveils":[292],"hidden":[294],"relationship":[295],"other":[301],"cryptanalytic":[302],"yoyo":[305],"game":[306],"recently":[309],"introduced":[310],"mixture":[311],"differentials.":[312]},"counts_by_year":[{"year":2025,"cited_by_count":2}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}