Abstract
SIMON is a family of 10 lightweight block ciphers published by Beaulieu et al. from the United States National Security Agency (NSA). A cipher in this family with \(K\)-bit key and \(N\)-bit block is called SIMON\({N}/{K}\). We present several linear characteristics for reduced-round SIMON32/64 that can be used for a key-recovery attack and extend them further to attack other variants of SIMON. Moreover, we provide results of key recovery analysis using several impossible differential characteristics starting from 14 out of 32 rounds for SIMON32/64 to 22 out of 72 rounds for SIMON128/256. In some cases the presented observations do not directly yield an attack, but provide a basis for further analysis for the specific SIMON variant. Finally, we exploit a connection between linear and differential characteristics for SIMON to construct linear characteristics for different variants of reduced-round SIMON. Our attacks extend to all variants of SIMON covering more rounds compared to any known results using linear cryptanalysis. We present a key recovery attack against SIMON128/256 which covers 35 out of 72 rounds with data complexity \(2^{123}\). We have implemented our attacks for small scale variants of SIMON and our experiments confirm the theoretical bias presented in this work.
Keywords
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Abed, F., List, E., Lucks, S., Wenzel, J.: Differential Cryptanalysis of Reduced-Round Simon. Cryptology ePrint Archive, Report 2013/526 (2013). http://eprint.iacr.org/
Abed, F., List, E., Lucks, S., Wenzel, J.: Differential cryptanalysis of round-reduced Simon and Speck. In: Preproceedings of Fast Software Encryption (FSE 2014) (2014, to appear)
Alizadeh, J., Bagheri, N., Gauravaram, P., Kumar, A., Sanadhya, S.K.: Linear Cryptanalysis of Round Reduced SIMON. Cryptology ePrint Archive, Report 2013/663 (2013) http://eprint.iacr.org/
Alkhzaimi, H.A., Lauridsen, M.M.: Cryptanalysis of the SIMON Family of Block Ciphers. Cryptology ePrint Archive, Report 2013/543 (2013). http://eprint.iacr.org/
Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK Families of Lightweight Block Ciphers. Cryptology ePrint Archive, Report 2013/404 (2013). http://eprint.iacr.org/
Biham, E., Biryukov, A., Shamir, A.: Miss in the middle attacks on IDEA and Khufu. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, p. 124. Springer, Heidelberg (1999)
Biham, E., Shamir, A.: Differential cryptanalysis of the full 16-round DES. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 487–496. Springer, Heidelberg (1993)
Biryukov, A., Roy, A., Velichkov, V.: Differential analysis of block ciphers SIMON and SPECK. In: Preproceedings of Fast Software Encryption (FSE 2014) (2014, to appear)
Blondeau, C., Nyberg, K.: New links between differential and linear cryptanalysis. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 388–404. Springer, Heidelberg (2013)
Bogdanov, A.A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)
Chabaud, F., Vaudenay, S.: Links between differential and linear cryptanalysis. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 356–365. Springer, Heidelberg (1995)
Cho, J.Y., Hermelin, M., Nyberg, K.: A new technique for multidimensional linear cryptanalysis with applications on reduced round serpent. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 383–398. Springer, Heidelberg (2009)
ISO/IEC 29192–2. Information technology - Security techniques - Lightweight cryptography - Part 2: Block ciphers. Technical report, International Organization for Standardization
Nakahara Jr., J., Preneel, B., Vandewalle, J.: Linear cryptanalysis of reduced-round versions of the SAFER block cipher family. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, p. 244. Springer, Heidelberg (2001)
Knudsen, L.R.: DEAL - A 128-bit Block Cipher (1998)
Li, T., Lim, T.-L.: RFID Anticounterfeiting: An Architectural Perspective (2008)
Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)
Nyberg, K.: Linear Cryptanalysis. Icebreak 2013 (2013). http://ice.mat.dtu.dk/slides/kaisa_1.pdf
Saarinen, M.-J.O., Engels, D.: A Do-It-All-Cipher for RFID: Design Requirements (Extended Abstract). Cryptology ePrint Archive, Report 2012/317 (2012). http://eprint.iacr.org/
Shirai, T., Shibutani, K., Akishita, T., Moriai, S., Iwata, T.: The 128-bit blockcipher CLEFIA (extended abstract). In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 181–195. Springer, Heidelberg (2007)
Tardy-Corfdir, A., Gilbert, H.: A known plaintext attack of FEAL-4 and FEAL-6. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 172–182. Springer, Heidelberg (1992)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
A Addenda to Impossible Differentials Cryptanalysis
In this appendix, we provide an example on impossible differential for Simon32/64 in Fig. 3. A detailed description on the attack and its complexity analysis can be found in an extended version of this part, see [4].
B Experimental Results of Linear Cryptanalysis for SIMON32/64
We evaluated the theoretical results presented in Eq. 11 for 11-round SIMON32/64 experimentally. Table 7 presents the results. It shows that experimental results justify the theory and the bias of the presented path is not less than \(2^{-16}\).
C Sequences of Approximation Used Through Driving the Linear Characteristic of Each Variant of SIMON
In Table 8 we give the propagation of our linear characteristics for SIMON32/64.
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Alizadeh, J. et al. (2014). Cryptanalysis of SIMON Variants with Connections. In: Saxena, N., Sadeghi, AR. (eds) Radio Frequency Identification: Security and Privacy Issues. RFIDSec 2015. Lecture Notes in Computer Science(), vol 8651. Springer, Cham. https://doi.org/10.1007/978-3-319-13066-8_6
Download citation
DOI: https://doi.org/10.1007/978-3-319-13066-8_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-13065-1
Online ISBN: 978-3-319-13066-8
eBook Packages: Computer ScienceComputer Science (R0)