Amplified Boomerang Attacks Against Reduced-Round MARS and Serpent

  • John Kelsey
  • Tadayoshi Kohno
  • Bruce Schneier
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1978)


We introduce a new cryptanalytic technique based on Wagner’s boomerang and inside-out attacks. We first describe this new attack in terms of the original boomerang attack, and then demonstrate its use on reduced-round variants of the MARS core and Serpent. Our attack breaks eleven rounds of the MARS core with 265chosen plaintexts, 270 memory, and 2229partial decryptions. Our attack breaks eight rounds of Serpent with 2114chosen plaintexts, 2119memory, and 2179partial decryptions.


Block Cipher Advance Encryption Standard Input Pair Fast Software Encryption Partial Decryption 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. ABK98.
    R. Anderson, E. Biham, and L. Knudsen, “Serpent: A Proposal for the Advanced Encryption Standard,” NIST AES Proposal, Jun1998.Google Scholar
  2. BCD+98.
    C. Burwick, D. Coppersmith, E. D'Avignon, R. Gennaro, S. Halevi, C. Jutla, S.M. Matyas, L. O'Connor, M. Peyravian, D. Safford, and N. Zunic, “MARS-A Candidate Cipher for AES,” NIST AES Proposal, Jun1998.Google Scholar
  3. BS93.
    E. Biham and A. Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993.Google Scholar
  4. Knu95b.
    L.R. Knudsen, “Truncated and Higher Order Differentials,” Fast Software Encryption, 2nd International Workshop Proceedings, Springer-Verlag, 1995, pp.196–211.Google Scholar
  5. KS00.
    J. Kelsey and B. Schneier, “MARS Attacks! Cryptanalyzing Reduced-Round Variants of MARS,” Third AES Candidate Conference, to appear.Google Scholar
  6. KKS00.
    T. Kohno, J. Kelsey, and B. Schneier, “Preliminary Cryptanalysis of Reduced-Round Serpent,” Third AES Candidate Conference, to appear.Google Scholar
  7. LH94.
    S. Langford and M. Hellman, “Differential-Linear Cryptanalysis,” Advances in Cryptology-CRYPTO’ 94, Springer-Verlag, 1994.Google Scholar
  8. Mat94.
    M. Matsui, “Linear Cryptanalysis Method for DES Cipher,” Advances in Cryptology-EUROCRYPT’ 93 Proceedings, Springer-Verlag, 1994, pp. 386–397.Google Scholar
  9. NIST97a.
    National Institute of Standards and Technology, “Announcing Development of a Federal Information Standard for Advanced Encryption Standard,” Federal Register, v. 62,n. 1, 2 Jan 1997, pp. 93–94.Google Scholar
  10. NIST97b.
    National Institute of Standards and Technology, “Announcing Request for Candidate Algorithm Nominations for the Advanced Encryption Standard (AES),” Federal Register, v. 62,n. 117, 12 Sep 1997, pp. 48051–48058.Google Scholar
  11. SK96.
    B. Schneier and J. Kelsey, “Unbalanced Feistel Networks and Block Cipher Design,” Fast Software Encryption, 3rd International Workshop Proceedings, Springer-Verlag, 1996, pp. 121–144.Google Scholar
  12. Wag99.
    D. Wagner, “The Boomerang Attack,” Fast Software Encryption, 6th International Workshop, Springer-Verlag, 1999, pp. 156–170.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • John Kelsey
    • 1
  • Tadayoshi Kohno
    • 2
  • Bruce Schneier
    • 1
  1. 1.Counterpane Internet Security, Inc.USA
  2. 2.Reliable Software TechnologiesUSA

Personalised recommendations