Fault Analysis on SIMON Family of Lightweight Block Ciphers

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8949)


This paper proposes applying differential fault analysis (DFA) to the Simon family of lightweight block ciphers. We perform DFA by examining the characteristics of the AND operation which is a non-linear function of Simon. Then, we evaluate in detail the number of fault injections required to obtain a secret key. To the best of our knowledge, we are the first to show how to extract the entire secret key for all parameters in the Simon family using a practical fault model based on random faults. As an example, for Simon with a \(128\)-bit block size and a \(128\)-bit secret key, we can extract the entire secret key using \(7.82\) fault injections on average. The results of simulations performed on a PC show that the average number of fault injections required to retrieve a round key agrees with that based on theoretical results. We believe that this study gives new insight into the field of fault analysis because Simon has a property specific to non-linear functions in that it uses the AND operation while not using a substitution box which most block ciphers employ.


Fault analysis Differential fault analysis Implementation attacks Lightweight block ciphers Simon 


  1. 1.
    Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers L.: The shape SIMON and shape speck families of lightweight block ciphers, cryptology ePrint Archive: Report 2013/404, (2013). http://eprint.iacr.org/
  2. 2.
    Alizadeh, J., Bagheri, N., Gauravaram, P., Kumar, A., Sanadhya, S. K.: Linear cryptanalysis of round reduced SIMON, cryptology ePrint Archive: Report 2013/663, (2013). http://eprint.iacr.org/
  3. 3.
    Abed, F., List, E., Lucks, S., Wenzel, J.: Differential and linear cryptanalysis of reduced-round shape SIMON. Cryptology ePrint Archive: Report 2013/526, (2013). http://eprint.iacr.org/
  4. 4.
    Alkhzaimi, H.A., Lauridsen, M.M.: Cryptanalysis of the SIMON Family of block ciphers. Cryptology ePrint Archive: Report 2013/543, (2013). http://eprint.iacr.org/
  5. 5.
    Alizadeh, J., Alkhzaimi, H.A., Aref, M.R., Bagheri, N., Gauravaram, P., Lauridsen, M.M.: Improved Linear cryptanalysis of round reduced SIMON. Cryptology ePrint Archive: Report 2014/681, (2014). http://eprint.iacr.org/
  6. 6.
    Biryukov, A., Roy, A., Velichkov, V.: Differential analysis of block ciphers SIMON and SPECK. In: Fast Software Encryption (FSE, 2014) (2014)Google Scholar
  7. 7.
    Abed, F., List, E., Lucks, S., Wenzel, J.: Differential cryptanalysis of round-reduced shape SIMON and shape speck. In: FSE 2014 (2014)Google Scholar
  8. 8.
    Bhasin, S., Graba, T., Danger, J.-L., Najm, Z.: A Look into SIMON from a side-channel perspective. In: 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (Host, 2014), pp. 56–59. IEEE-CS (2014)Google Scholar
  9. 9.
    Shanmugam, D., Selvam, R., Annadurai, S.: Differential power analysis attack on SIMON and LED block ciphers. In: Chakraborty, R.S., Matyas, V., Schaumont, P. (eds.) SPACE 2014. LNCS, vol. 8804, pp. 110–125. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  10. 10.
    Skorobogatov, S.P., Anderson, R.J.: Optical fault induction attacks. In: Kaliski, B.S., Koç, çK, Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 2–12. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  11. 11.
    Joye, M., Tunstall, M. (eds.): Fault Analysis in Cryptography. ISC. Springer, Heidelberg (2012). In Part V Implementing Fault AttacksMATHGoogle Scholar
  12. 12.
    Boneh, D., Demillo, R.A., Lipton, R.J.: On the importance of eliminating errors in cryptographic computations. J. Cryptol. 14, 101–119 (2001). Earlier version was published in EUROCRYPT 1997CrossRefMATHMathSciNetGoogle Scholar
  13. 13.
    Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski Jr, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997) CrossRefGoogle Scholar
  14. 14.
    Hemme, L.: A Differential fault attack against early rounds of (Triple-)DES. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 254–267. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  15. 15.
    Piret, G., Quisquater, J.-J.: A differential fault attack technique against SPN structures, with application to the AES and KHAZAD. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  16. 16.
    Chen, H., Wu, W., Feng, D.: Differential fault analysis on CLEFIA. In: Qing, S., Imai, H., Wang, G. (eds.) ICICS 2007. LNCS, vol. 4861, pp. 284–295. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  17. 17.
    Wang, G., Wang, S.: Differential fault analysis on PRESENT key schedule. In: Proceedings of 2010 International Conference on Computational Intelligence and, Security (CIS, 2010), pp. 362–366. IEEE-CS (2010)Google Scholar
  18. 18.
    Tupsamudre, H., Bisht, S., Mukhopadhyay, D.: Differential Fault Analysis on the Families of SIMON and SPECK Ciphers. Cryptology ePrint Archive: Report 2014/267, (2014). http://eprint.iacr.org/ (2014)
  19. 19.
    Tupsamudre, H., Bisht, S., Mukhopadhyay, D.: Differential fault analysis on the families of SIMON and SPECK ciphers. In: Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2014), pp. 40–48. IEEE-CS (2014)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.NTT Secure Platform LaboratoriesNTT CorporationMusashino-shiJapan
  2. 2.NTT Technology Planning DepartmentNTT CorporationChiyoda-kuJapan

Personalised recommendations