Cryptanalysis of Reduced-Round SIMON32 and SIMON48

Wang, Qingju; Liu, Zhiqiang; Varıcı, Kerem; Sasaki, Yu; Rijmen, Vincent; Todo, Yosuke

doi:10.1007/978-3-319-13039-2_9

Cited by 63 publications

(60 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The Simon block cipher family has been studied in various paper [1,2,5,9,10,12] and the attacks covering the most rounds are based on differential and linear cryptanalysis, which therefore will also be the focus of this work. However very few analyses [7] was done to study the choice of parameters for Simon and Speck and their effect on the security of these block ciphers.…”

Section: Introductionmentioning

confidence: 99%

A Brief Comparison of Simon and Simeck

Kölbl

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Simeck is a new lightweight block cipher design based on combining the design principles of the Simon and Speck block cipher. While the design allows a smaller and more efficient hardware implementation, its security margins are not well understood. The lack of design rationals of its predecessors further leaves some uncertainty on the security of Simeck. In this work we give a short analysis of the impact of the design changes by comparing the upper bounds on the probability of differential and linear trails with Simon. We also give a comparison of the effort of finding those bounds, which surprisingly is significantly lower for Simeck while covering a larger number of rounds at the same time. Furthermore, we provide new differentials for Simeck which can cover more rounds compared to previous results on Simon and study how to choose good differentials for attacks and show that one can find better differentials by building them from a larger set of trail with initially lower probability. We also provide experimental results for the differentials for Simon32 and Simeck32 which show that there exist keys for which the probability of the differential is significantly higher than expected. Based on this we mount key recovery attacks on 19/26/33 rounds of Simeck32/48/64, which also give insights on the reduced key guessing effort due to the different set of rotation constants.

show abstract

Section: Introductionmentioning

confidence: 99%

A Brief Comparison of Simon and Simeck

Kölbl

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…On the other hand, in [29], Wang et al presented a divide and conquer approach to add extra rounds to their impossible differential trail. We note that it is possible to adapt their approach to extend the key recovery using the exist linear hull over more rounds.…”

Section: Key Recovery Attack On 24 and 23 Rounds Of Simon-32/k Using mentioning

confidence: 99%

“…With the proposed block and key lengths, SIMON is a family of ten lightweight block ciphers. Since the publication of SIMON, each cipher in this family has undergone reduced round cryptanalysis against linear [2,3,4,5,6,24], differential [3,4,11,28], impossible differential [14], rectangular [3,4] and integral [29] attacks.…”

Section: Introductionmentioning

confidence: 99%

Improved Linear Cryptanalysis of Reduced-Round SIMON-32 and SIMON-48

Abdelraheem

Alizadeh

AlKhzaimi

et al. 2015

Progress in Cryptology -- INDOCRYPT 2015

View full text Add to dashboard Cite

Abstract. In this paper we analyse two variants of SIMON family of light-weight block ciphers against linear cryptanalysis and present the best linear cryptanalytic results on these variants of reduced-round SIMON to date.We propose a time-memory trade-off method that finds differential/linear trails for any permutation allowing low Hamming weight differential/linear trails. Our method combines low Hamming weight trails found by the correlation matrix representing the target permutation with heavy Hamming weight trails found using a Mixed Integer Programming model representing the target differential/linear trail. Our method enables us to find a 17-round linear approximation for SIMON-48 which is the best current linear approximation for SIMON-48. Using only the correlation matrix method, we are able to find a 14-round linear approximation for SIMON-32 which is also the current best linear approximation for SIMON-32.The presented linear approximations allow us to mount a 23-round key recovery attack on SIMON-32 and a 24-round Key recovery attack on SIMON-48/96 which are the current best results on SIMON-32 and SIMON-48. In addition we have an attack on 24 rounds of SIMON-32 with marginal complexity.

show abstract

“…By far, SIMON has attracted many cryptanalysis such as differential analysis [6][7][8][9][10], linear cryptanalysis [11,12], impossible differential and zero-correlation linear hull cryptanalysis [11,13].…”

Section: Introductionmentioning

confidence: 99%

Improved linear (hull) cryptanalysis of round-reduced versions of SIMON

Shi

Sun

et al. 2016

Sci. China Inf. Sci.

View full text Add to dashboard Cite

Abstract. SIMON is a family of lightweight block ciphers designed by the U.S. National Security Agency (NSA) that has attracted much attention since its publication in 2013. In this paper, we thoroughly investigate the properties of linear approximations of the bitwise AND operation with dependent input bits. By using a Mixed-integer Linear Programming based technique presented in Aasicrypt 2014 for automatic search for characteristics, we obtain improved linear characteristics for several versions of the SIMON family. Moreover, by employing a recently published method for automatic enumeration of differential and linear characteristics by Sun et. al., we present an improved linear hull analysis of some versions of the SIMON family, which are the best results for linear cryptanalysis of SIMON published so far.Specifically, for SIMON128, where the number denotes the block length, a 34-round linear characteristic with correlation 2 −61 is found, which is the longest linear characteristic that can be used in a keyrecovery attack for SIMON128 published so far. Besides, several linear hulls superior to the best ones known previously are presented as follows: linear hulls for the 13-round SIMON32 with potential 2

show abstract

Cryptanalysis of Reduced-Round SIMON32 and SIMON48

Cited by 63 publications

References 26 publications

A Brief Comparison of Simon and Simeck

A Brief Comparison of Simon and Simeck

Improved Linear Cryptanalysis of Reduced-Round SIMON-32 and SIMON-48

Improved linear (hull) cryptanalysis of round-reduced versions of SIMON

Contact Info

Product

Resources

About