Analyzing Key Schedule of Simon: Iterative Key Differences and Application to Related-Key Impossible Differentials

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10418)

Abstract

The current paper analyzes the key schedule function of lightweight block cipher Simon, which was designed by NSA in 2013. In particular, a list of all iterative key differences is provided for all members of the Simon-family for all number of rounds. The iterative differences are searched by exploiting the fact that Simon only adopts linear operations in the key schedule function. By using the discovered iterative key difference for Simon32, a 15-round related-key impossible differential is constructed, which improves the previous longest 11-round impossible differentials of Simon32 in the single-key setting by four rounds. The current paper makes better understanding of related-key security of Simon.

Keywords

Simon Block cipher Linear key schedule Iterative differences Related-key Impossible differentials 

References

  1. 1.
    Abdelraheem, M.A., Alizadeh, J., Alkhzaimi, H.A., Aref, M.R., Bagheri, N., Gauravaram, P.: Improved linear cryptanalysis of reduced-round SIMON-32 and SIMON-48. In: Biryukov, A., Goyal, V. (eds.) INDOCRYPT 2015. LNCS, vol. 9462, pp. 153–179. Springer, Cham (2015). doi:10.1007/978-3-319-26617-6_9 CrossRefGoogle Scholar
  2. 2.
    Abed, F., List, E., Lucks, S., Wenzel, J.: Differential cryptanalysis of round-reduced Simon and Speck. In: Cid and Rechberger [12], pp. 525–545Google Scholar
  3. 3.
    Ahmadian, Z., Rasoolzadeh, S., Salmasizadeh, M., Aref, M.R.: Automated dynamic cube attack on block ciphers: Cryptanalysis of SIMON and KATAN. Cryptology ePrint Archive, Report 2015/040 (2015)Google Scholar
  4. 4.
    Alizadeh, J., Alkhzaimi, H.A., Aref, M.R., Bagheri, N., Gauravaram, P., Kumar, A., Lauridsen, M.M., Sanadhya, S.K.: Cryptanalysis of SIMON variants with connections. In: Saxena, N., Sadeghi, A.-R. (eds.) RFIDSec 2014. LNCS, vol. 8651, pp. 90–107. Springer, Cham (2014). doi:10.1007/978-3-319-13066-8_6 Google Scholar
  5. 5.
    Ashur, T.: Improved linear trails for the block cipher Simon. Cryptology ePrint Archive, Report 2015/285 (2015)Google Scholar
  6. 6.
    Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK families of lightweight block ciphers. Cryptology ePrint Archive, Report 2013/404 (2013)Google Scholar
  7. 7.
    Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials. J. Cryptology 18(4), 291–311 (2005)MathSciNetCrossRefMATHGoogle Scholar
  8. 8.
    Biryukov, A., Roy, A., Velichkov, V.: Differential analysis of block ciphers SIMON and SPECK. In: Cid and Rechberger [12], pp. 546–570Google Scholar
  9. 9.
    Boura, C., Naya-Plasencia, M., Suder, V.: Scrutinizing and improving impossible differential attacks: applications to CLEFIA, Camellia, LBlock and Simon. In: Sarkar and Iwata [18], pp. 179–199Google Scholar
  10. 10.
    Chen, H., Wang, X.: Improved linear hull attack on round-reduced Simon with dynamic key-guessing techniques. Cryptology ePrint Archive, Report 2015/666 (2015)Google Scholar
  11. 11.
    Chen, Z., Wang, N., Wang, X.: Impossible differential cryptanalysis of reduced round SIMON. Cryptology ePrint Archive, Report 2015/286 (2015)Google Scholar
  12. 12.
    Cid, C., Rechberger, C. (eds.): FSE 2014. LNCS, vol. 8540. Springer, Heidelberg (2015)Google Scholar
  13. 13.
    Hao, Y., Meier, W.: Truncated differential based known-key attacks on round-reduced Simon. Cryptology ePrint Archive, Report 2016/020 (2016)Google Scholar
  14. 14.
    Knudsen, L.: DEAL - a 128-bit block cipher. In: NIST AES Proposal (1998)Google Scholar
  15. 15.
    Liu, Z., Li, Y., Wang, M.: Optimal differential trails in SIMON-like ciphers. Cryptology ePrint Archive, Report 2017/178 (2017)Google Scholar
  16. 16.
    Mourouzis, T., Song, G., Courtois, N., Christofii, M.: Advanced differential cryptanalysis of reduced-round SIMON64/128 using large-round statistical distinguishers. Cryptology ePrint Archive, Report 2015/481 (2015)Google Scholar
  17. 17.
    Raddum, H.: Algebraic analysis of the simon block cipher family. In: Lauter, K., Rodríguez-Henríquez, F. (eds.) LATINCRYPT 2015. LNCS, vol. 9230, pp. 157–169. Springer, Cham (2015). doi:10.1007/978-3-319-22174-8_9 CrossRefGoogle Scholar
  18. 18.
    Sarkar, P., Iwata, T. (eds.): ASIACRYPT 2014. LNCS, vol. 8873. Springer, Heidelberg (2014)MATHGoogle Scholar
  19. 19.
    Sasaki, Y., Todo, Y.: New impossible differential search tool from design and cryptanalysis aspects. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 185–215. Springer, Cham (2017). doi:10.1007/978-3-319-56617-7_7 CrossRefGoogle Scholar
  20. 20.
    Shi, D., Hu, L., Sun, S., Song, L., Qiao, K., Ma, X.: Improved linear (hull) cryptanalysis of round-reduced versions of SIMON. Cryptology ePrint Archive, Report 2014/973 (2014)Google Scholar
  21. 21.
    Sun, S., Hu, L., Wang, M., Wang, P., Qiao, K., Ma, X., Shi, D., Song, L., Fu, K.: Constructing mixed-integer programming models whose feasible region is exactly the set of all valid differential characteristics of SIMON. Cryptology ePrint Archive, Report 2015/122 (2015)Google Scholar
  22. 22.
    Sun, S., Hu, L., Wang, P., Qiao, K., Ma, X., Song, L.: Automatic security evaluation and (related-key) differential characteristic search: application to SIMON, PRESENT, LBlock, DES(L) and other bit-oriented block ciphers. In: Sarkar and Iwata [18], pp. 158–178Google Scholar
  23. 23.
    Todo, Y., Morii, M.: Bit-based division property and application to Simon family. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 357–377. Springer, Heidelberg (2016). doi:10.1007/978-3-662-52993-5_18 CrossRefGoogle Scholar
  24. 24.
    Wang, N., Wang, X., Jia, K., Zhao, J.: Differential attacks on reduced SIMON versions with dynamic key-guessing techniques. Cryptology ePrint Archive, Report 2014/448 (2014)Google Scholar
  25. 25.
    Wang, Q., Liu, Z., Varici, K., Sasaki, Y., Rijmen, V., Todo, Y.: Cryptanalysis of reduced-round SIMON32 and SIMON48. In: Meier, W., Mukhopadhyay, D. (eds.) INDOCRYPT 2014. LNCS, vol. 8885, pp. 143–160. Springer, Cham (2014). doi:10.1007/978-3-319-13039-2_9 Google Scholar
  26. 26.
    Xiang, Z., Zhang, W., Bao, Z., Lin, D.: Applying MILP method to searching integral distinguishers based on division property for 6 lightweight block ciphers. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 648–678. Springer, Heidelberg (2016). doi:10.1007/978-3-662-53887-6_24 CrossRefGoogle Scholar
  27. 27.
    Xiang, Z., Zhang, W., Lin, D.: On the division property of Simon48 and Simon64. In: Ogawa, K., Yoshioka, K. (eds.) IWSEC 2016. LNCS, vol. 9836, pp. 147–163. Springer, Cham (2016). doi:10.1007/978-3-319-44524-3_9 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Kota Kondo
    • 1
  • Yu Sasaki
    • 2
  • Yosuke Todo
    • 2
  • Tetsu Iwata
    • 1
  1. 1.Nagoya UniversityNagoyaJapan
  2. 2.NTT Secure Platform LaboratoriesTokyoJapan

Personalised recommendations