Block ciphers are one of the building blocks of many security
protocols and other security related constructions. As they play
an important rule in these environment, the strength of block ciphers
has to be evaluated almost consistently, as new attacks are being
invented and old attack being improved.

One of the most known attacks on block ciphers is the differential
attack, presented at the early 1990's. The attack was used to
theoretically compromise the security of block cipher like DES (the
Data Encryption Standard), but can be used to attack ciphers in
practice (like FEAL).

As today's block cipher designers take differential cryptanalysis into
consideration, new methods are to be introduced. One such technique is
the boomerang attack. The boomerang attack (presented in 1999 by
Wagner) treats the cipher as a cascade of two sub-ciphers, and apply
differentials to each sub-cipher independently (using some adaptive
attack procedure). The rectangle attack finalizes the transition of
the boomerang attack from an adaptive attack into a chosen plaintext
attack.

This is joint work with Eli Biham and Nathan Keller.