Advertisement

Cryptanalysis of SIMON Variants with Connections

  • Javad Alizadeh
  • Hoda A. Alkhzaimi
  • Mohammad Reza Aref
  • Nasour Bagheri
  • Praveen Gauravaram
  • Abhishek Kumar
  • Martin M. Lauridsen
  • Somitra Kumar Sanadhya
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8651)

Abstract

SIMON is a family of 10 lightweight block ciphers published by Beaulieu et al. from the United States National Security Agency (NSA). A cipher in this family with \(K\)-bit key and \(N\)-bit block is called SIMON\({N}/{K}\). We present several linear characteristics for reduced-round SIMON32/64 that can be used for a key-recovery attack and extend them further to attack other variants of SIMON. Moreover, we provide results of key recovery analysis using several impossible differential characteristics starting from 14 out of 32 rounds for SIMON32/64 to 22 out of 72 rounds for SIMON128/256. In some cases the presented observations do not directly yield an attack, but provide a basis for further analysis for the specific SIMON variant. Finally, we exploit a connection between linear and differential characteristics for SIMON to construct linear characteristics for different variants of reduced-round SIMON. Our attacks extend to all variants of SIMON covering more rounds compared to any known results using linear cryptanalysis. We present a key recovery attack against SIMON128/256 which covers 35 out of 72 rounds with data complexity \(2^{123}\). We have implemented our attacks for small scale variants of SIMON and our experiments confirm the theoretical bias presented in this work.

Keywords

Lightweight RFID Feistel SIMON Linear cryptanalysis Impossible differential cryptanalysis Rotational cryptanalysis Weak keys 

Supplementary material

References

  1. 1.
    Abed, F., List, E., Lucks, S., Wenzel, J.: Differential Cryptanalysis of Reduced-Round Simon. Cryptology ePrint Archive, Report 2013/526 (2013). http://eprint.iacr.org/
  2. 2.
    Abed, F., List, E., Lucks, S., Wenzel, J.: Differential cryptanalysis of round-reduced Simon and Speck. In: Preproceedings of Fast Software Encryption (FSE 2014) (2014, to appear)Google Scholar
  3. 3.
    Alizadeh, J., Bagheri, N., Gauravaram, P., Kumar, A., Sanadhya, S.K.: Linear Cryptanalysis of Round Reduced SIMON. Cryptology ePrint Archive, Report 2013/663 (2013) http://eprint.iacr.org/
  4. 4.
    Alkhzaimi, H.A., Lauridsen, M.M.: Cryptanalysis of the SIMON Family of Block Ciphers. Cryptology ePrint Archive, Report 2013/543 (2013). http://eprint.iacr.org/
  5. 5.
    Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK Families of Lightweight Block Ciphers. Cryptology ePrint Archive, Report 2013/404 (2013). http://eprint.iacr.org/
  6. 6.
    Biham, E., Biryukov, A., Shamir, A.: Miss in the middle attacks on IDEA and Khufu. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, p. 124. Springer, Heidelberg (1999)Google Scholar
  7. 7.
    Biham, E., Shamir, A.: Differential cryptanalysis of the full 16-round DES. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 487–496. Springer, Heidelberg (1993)Google Scholar
  8. 8.
    Biryukov, A., Roy, A., Velichkov, V.: Differential analysis of block ciphers SIMON and SPECK. In: Preproceedings of Fast Software Encryption (FSE 2014) (2014, to appear)Google Scholar
  9. 9.
    Blondeau, C., Nyberg, K.: New links between differential and linear cryptanalysis. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 388–404. Springer, Heidelberg (2013)Google Scholar
  10. 10.
    Bogdanov, A.A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)Google Scholar
  11. 11.
    Chabaud, F., Vaudenay, S.: Links between differential and linear cryptanalysis. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 356–365. Springer, Heidelberg (1995)Google Scholar
  12. 12.
    Cho, J.Y., Hermelin, M., Nyberg, K.: A new technique for multidimensional linear cryptanalysis with applications on reduced round serpent. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 383–398. Springer, Heidelberg (2009)Google Scholar
  13. 13.
    ISO/IEC 29192–2. Information technology - Security techniques - Lightweight cryptography - Part 2: Block ciphers. Technical report, International Organization for StandardizationGoogle Scholar
  14. 14.
    Nakahara Jr., J., Preneel, B., Vandewalle, J.: Linear cryptanalysis of reduced-round versions of the SAFER block cipher family. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, p. 244. Springer, Heidelberg (2001)Google Scholar
  15. 15.
    Knudsen, L.R.: DEAL - A 128-bit Block Cipher (1998)Google Scholar
  16. 16.
    Li, T., Lim, T.-L.: RFID Anticounterfeiting: An Architectural Perspective (2008)Google Scholar
  17. 17.
    Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)Google Scholar
  18. 18.
    Nyberg, K.: Linear Cryptanalysis. Icebreak 2013 (2013). http://ice.mat.dtu.dk/slides/kaisa_1.pdf
  19. 19.
    Saarinen, M.-J.O., Engels, D.: A Do-It-All-Cipher for RFID: Design Requirements (Extended Abstract). Cryptology ePrint Archive, Report 2012/317 (2012). http://eprint.iacr.org/
  20. 20.
    Shirai, T., Shibutani, K., Akishita, T., Moriai, S., Iwata, T.: The 128-bit blockcipher CLEFIA (extended abstract). In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 181–195. Springer, Heidelberg (2007)Google Scholar
  21. 21.
    Tardy-Corfdir, A., Gilbert, H.: A known plaintext attack of FEAL-4 and FEAL-6. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 172–182. Springer, Heidelberg (1992)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Javad Alizadeh
    • 1
  • Hoda A. Alkhzaimi
    • 5
  • Mohammad Reza Aref
    • 1
  • Nasour Bagheri
    • 2
  • Praveen Gauravaram
    • 3
  • Abhishek Kumar
    • 4
  • Martin M. Lauridsen
    • 5
  • Somitra Kumar Sanadhya
    • 4
  1. 1.Information Systems and Security Lab (ISSL), Electrical Engineering DepartmentSharif University of TechnologyTehranIran
  2. 2.Electrical Engineering DepartmentShahid Rajaee Teacher Training UniversityTehranIran
  3. 3.Innovation Labs HyderabadTata Consultancy Services LimitedHyderabadIndia
  4. 4.Indraprastha Institute of Information TechnologyNew DelhiIndia
  5. 5.Section for Cryptology, DTU ComputeTechnical University of DenmarkLyngbyDenmark

Personalised recommendations