Improved Related-Tweakey Rectangle Attacks On Reduced-Round Deoxys-Bc-384 And Deoxys-I-256-128

Deoxys-BC is the core internal tweakable block cipher of the authenticated encryption schemes Deoxys-I and Deoxys-II. Deoxys-II is one of the six schemes in the final portfolio of the CAESAR competition, while Deoxys-I is a 3rd round candidate. By well studying the new method proposed by Cid et al. at ToSC 2017 and BDT technique proposed by Wang and Peyrin at ToSC 2019, we find a new 11-round related-tweakey boomerang distinguisher of Deoxys-BC-384 with probability of 2(-118.4), and give a related-tweakey rectangle attack on 13-round Deoxys-BC-384 with a data complexity of 2(125.2) and time complexity of 2(186.7), and then apply it to analyze 13-round Deoxys-I-256-128 in this paper. This is the first time that an attack on 13-round Deoxys-I-256-128 is given, while the previous attack on this version only reaches 12 rounds.