International Conference in Cryptology in India

Progress in Cryptology -- INDOCRYPT 2015 pp 153-179 | Cite as

Improved Linear Cryptanalysis of Reduced-Round SIMON-32 and SIMON-48

  • Mohamed Ahmed Abdelraheem
  • Javad Alizadeh
  • Hoda A. Alkhzaimi
  • Mohammad Reza Aref
  • Nasour Bagheri
  • Praveen Gauravaram
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9462)


In this paper we analyse two variants of SIMON family of light-weight block ciphers against variants of linear cryptanalysis and present the best linear cryptanalytic results on these variants of reduced-round SIMON to date.

We propose a time-memory trade-off method that finds differential/linear trails for any permutation allowing low Hamming weight differential/linear trails. Our method combines low Hamming weight trails found by the correlation matrix representing the target permutation with heavy Hamming weight trails found using a Mixed Integer Programming model representing the target differential/linear trail. Our method enables us to find a 17-round linear approximation for SIMON-48 which is the best current linear approximation for SIMON-48. Using only the correlation matrix method, we are able to find a 14-round linear approximation for SIMON-32 which is also the current best linear approximation for SIMON-32.

The presented linear approximations allow us to mount a 23-round key recovery attack on SIMON-32 and a 24-round Key recovery attack on SIMON-48/96 which are the current best results on SIMON-32 and SIMON-48. In addition we have an attack on 24 rounds of SIMON-32 with marginal complexity.


SIMON Linear cryptanalysis Linear hull Correlation matrix Mixed Integer Programming (MIP) 


  1. 1.
    Abdelraheem, M.A.: Estimating the probabilities of low-weight differential and linear approximations on PRESENT-like ciphers. In: Kwon, T., Lee, M.-K., Kwon, D. (eds.) ICISC 2012. LNCS, vol. 7839, pp. 368–382. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  2. 2.
    Abdelraheem, M.A., Alizadeh, J., AlKhzaimi, H., Aref, M.R., Bagheri, N., Gauravaram, P., Lauridsen, M.M.: Improved Linear Cryptanalysis of Round Reduced SIMON. IACR Cryptology ePrint Archive, 2014:681 (2014)Google Scholar
  3. 3.
    Abed, F., List, E., Lucks, S., Wenzel, J.: Differential Cryptanalysis of Reduced-Round Simon. IACR Cryptology ePrint Archive 2013:526 (2013)Google Scholar
  4. 4.
    Abed, F., List, E., Lucks, S., Wenzel, J.: Differential cryptanalysis of round-reduced simon and speck. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 525–545. Springer, Heidelberg (2015) Google Scholar
  5. 5.
    Alizadeh, J., Alkhzaimi, H.A., Aref, M.R., Bagheri, N., Gauravaram, P., Kumar, A., Lauridsen, M.M., Sanadhya, S.K.: Cryptanalysis of SIMON variants with connections. In: Sadeghi, A.-R., Saxena, N. (eds.) RFIDSec 2014. LNCS, vol. 8651, pp. 90–107. Springer, Heidelberg (2014) Google Scholar
  6. 6.
    Alizadeh, J., Bagheri, N., Gauravaram, P., Kumar, A., Sanadhya, S.K.: Linear Cryptanalysis of Round Reduced SIMON. IACR Cryptology ePrint Archive 2013:663 (2013)Google Scholar
  7. 7.
    Ashur, T.: Improved linear trails for the block cipher simon. Cryptology ePrint Archive, Report 2015/285 (2015).
  8. 8.
    Aumasson, J.-P., Henzen, L., Meier, W., Naya-Plasencia, M.: Quark: a lightweight hash. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 1–15. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  9. 9.
    Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK Families of lightweight block ciphers. IACR Cryptology ePrint Archive 2013, 404 (2013)Google Scholar
  10. 10.
    Biham, E.: On matsui’s linear cryptanalysis. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 341–355. Springer, Heidelberg (1995) CrossRefGoogle Scholar
  11. 11.
    Biryukov, Alex, Roy, Arnab, Velichkov, Vesselin: Differential analysis of block ciphers SIMON and SPECK. 8540, 546–570 (2015)Google Scholar
  12. 12.
    Bogdanov, A., Knezevic, M., Leander, G., Toz, D., Varici, K., Verbauwhede, I.: SPONGENT: A Lightweight Hash Function. In: Preneel and Takagi [22], pp. 312–325Google Scholar
  13. 13.
    Bogdanov, A.A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  14. 14.
    Boura, C., Naya-Plasencia, M., Suder, V.: Scrutinizing and improving impossible differential attacks: applications to CLEFIA, Camellia, LBlock and Simon. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 179–199. Springer, Heidelberg (2014) Google Scholar
  15. 15.
    De Cannière, C., Preneel, B.: Trivium. In: Robshaw and Billet [23], pp. 244–266Google Scholar
  16. 16.
    Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography. Springer, Heidelberg (2002) CrossRefGoogle Scholar
  17. 17.
    Guo, J., Peyrin, T., Poschmann, A.: The PHOTON Family of Lightweight Hash Functions. In: Rogaway, P. (ed.) CRYPTO 2011. Lecture Notes in Computer Science, vol. 6841, pp. 222–239. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  18. 18.
    Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.J.B.: The LED Block Cipher. In: Preneel and Takagi [22], pp. 326–341Google Scholar
  19. 19.
    Hell, M., Johansson, T., Maximov, A., Meier, W.: The grain family of stream ciphers. In: Robshaw and Billet [23], pp. 179–190Google Scholar
  20. 20.
    Kölbl, S., Leander, G., Tiessen, T.: Observations on the SIMON Block Cipher Family. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 161–185. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  21. 21.
    Mouha, N., Wang, Q., Gu, D., Preneel, B.: Differential and Linear Cryptanalysis Using Mixed-Integer Linear Programming. In: Wu, C.-K., Yung, M., Lin, D. (eds.) Inscrypt 2011. LNCS, vol. 7537, pp. 57–76. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  22. 22.
    Preneel, B., Takagi, T. (eds.): CHESGoogle Scholar
  23. 23.
    Robshaw, M.J.B., Billet, O. (eds.): New Stream Cipher Designs - The eSTREAM Finalists. LNCS, vol. 4986. Springer, Heidelberg (2008) MATHGoogle Scholar
  24. 24.
    Shi, D., Lei, H., Sun, S. Song, L., Qiao, K., Ma, X.: Improved Linear (hull) Cryptanalysis of Round-reduced Versions of SIMON. IACR Cryptology ePrint Archive 2014: 973 (2014)Google Scholar
  25. 25.
    Sun, S., Lei, H., Wang, M., Wang, P., Qiao, K., Ma, X., Shi, D., Song, L., Kai, F.: Towards Finding the Best Characteristics of Some Bit-oriented Block Ciphers and Automatic Enumeration of (Related-key) Differential and Linear Characteristics with Predefined Properties. IACR Cryptology ePrint Archive 2014: 747 (2014)Google Scholar
  26. 26.
    Sun, S., Hu, L., Wang, P., Qiao, K., Ma, X., Song, L.: Automatic security evaluation and (Related-key) differential characteristic search: application to SIMON, PRESENT, LBlock, DES(L) and other bit-oriented block ciphers. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 158–178. Springer, Heidelberg (2014) Google Scholar
  27. 27.
    Wang, N., Wang, X., Jia, K., Zhao, J.: Differential Attacks on Reduced SIMON Versions with Dynamic Key-guessing Techniques. IACR Cryptology ePrint Archive 2014: 448 (2014)Google Scholar
  28. 28.
    Wang, N., Wang, X., Jia, K., Zhao, J.: Improved Differential Attacks on Reduced SIMON Versions. IACR Cryptology ePrint Archive 2014: 448 (2014)Google Scholar
  29. 29.
    Wang, Qingju, Liu, Zhiqiang, Kerem Varici, Yu., Sasaki, Vincent Rijmen, Todo, Yosuke: Cryptanalysis of Reduced-Round SIMON32 and SIMON48. In: Meier, Willi, Mukhopadhyay, Debdeep (eds.) INDOCRYPT 2014. Lecture Notes in Computer Science, vol. 8885, pp. 143–160. Springer, Heidelberg (2014)Google Scholar
  30. 30.
    Yang, G., Zhu, B., Suder, V., Aagaard, M.D., Gong, G.: The simeck family of lightweight block ciphers. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 307–329. Springer, Heidelberg (2015) CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Mohamed Ahmed Abdelraheem
    • 1
  • Javad Alizadeh
    • 2
  • Hoda A. Alkhzaimi
    • 3
  • Mohammad Reza Aref
    • 2
  • Nasour Bagheri
    • 4
    • 5
  • Praveen Gauravaram
    • 6
  1. 1.SICS Swedish ICTKistaSweden
  2. 2.ISSL, Department of Electrical EngineeringSharif University of TechnologyTehranIran
  3. 3.Section for Cryptology, DTU ComputeTechnical University of DenmarkLyngbyDenmark
  4. 4.Department of Electrical EngineeringShahid Rajaee Teachers Training UniversityTehranIran
  5. 5.School of Computer ScienceInstitute for Research in Fundamental Sciences (IPM)TehranIran
  6. 6.Queensland University of TechnologyBrisbaneAustralia

Personalised recommendations