Pen and Paper Arguments for SIMON and SIMON-like Designs

  • Christof BeierleEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9841)


In this work, we analyze the resistance of Simon-like ciphers against differential attacks without using computer-aided methods. In this context, we first define the notion of a Simon-like cipher as a generalization of the Simon design. For certain instances, we present a method for proving the resistance against differential attacks by upper bounding the probability of a differential characteristic by \(2^{-2T+2}\) where T denotes the number of rounds. Interestingly, if 2n denotes the block length, our result is sufficient in order to bound the probability by \(2^{-2n}\) for all full-round variants of Simon and Simeck. Thus, it guarantees security in a sense that, even having encryptions of the full codebook, one cannot expect a differential characteristic to hold. The important difference between previous works is that our proof can be verified by hand and thus contributes towards a better understanding of the design. However, it is to mention that we do not analyze the probability of multi-round differentials.

Although there are much better bounds known, especially for a high number of rounds, they are based on experimental search like using SAT/SMT solvers. While those results have already shown that Simon can be considered resistant against differential cryptanalysis, our argument gives more insights into the design itself. As far as we know, this work presents the first non-experimental security argument for full-round versions of several Simon-like instances.


Simon Simeck Differential cryptanalysis Feistel 



The author’s work was supported by DFG Research Training Group GRK 1817 Ubicrypt. Special thanks go to Gregor Leander for his valuable suggestions and comments.


  1. 1.
    Abdelraheem, M.A., Alizadeh, J., Alkhzaimi, H.A., Aref, M.R., Bagheri, N., Gauravaram, P.: Improved linear cryptanalysis of reduced-round SIMON-32 and SIMON-48. In: Biryukov, A., Goyal, V. (eds.) INDOCRYPT 2015. LNCS, vol. 9462, pp. 153–179. Springer International Publishing, Heidelberg (2015)Google Scholar
  2. 2.
    Abed, F., List, E., Lucks, S., Wenzel, J.: Differential cryptanalysis of round-reduced SIMON and SPEAK. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 525–545. Springer, Heidelberg (2015)Google Scholar
  3. 3.
    Alizadeh, J., Bagheri, N., Gauravaram, P., Kumar, A., Sanadhya, S.K.: Linear cryptanalysis of round reduced SIMON. Cryptology ePrint Archive, Report 2013/663 (2013).
  4. 4.
    Alkhzaimi, H.A., Lauridsen, M.M.: Cryptanalysis of the SIMON family of block ciphers. Cryptology ePrint Archive, Report 2013/543 (2013).
  5. 5.
    Ashur, T.: Improved linear trails for the block cipher Simon. Cryptology ePrint Archive, Report 2015/285 (2015).
  6. 6.
    Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK families of lightweight block ciphers. Cryptology ePrint Archive, Report 2013/404 (2013).
  7. 7.
    Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: SIMON and SPECK: block ciphers for the internet of things. In: NIST Lightweight Cryptography Workshop, Vol. 2015 (2015)Google Scholar
  8. 8.
    Beierle, C., Jovanovic, P., Lauridsen, M.M., Leander, G., Rechberger, C.: Analyzing permutations for AES-like ciphers: understanding ShiftRows. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 37–58. Springer, Heidelberg (2015)Google Scholar
  9. 9.
    Benadjila, R., Billet, O., Gilbert, H., Macario-Rat, G., Peyrin, T., Robshaw, M., Seurin, Y.: SHA-3 Proposal: ECHO (2010).
  10. 10.
    Bertoni, G., Daemen, J., Peeters, M., Assche, G.: The Keccak reference. Submission to NIST (Round 3), 13 (2011)Google Scholar
  11. 11.
    Biham, E., Anderson, R., Knudsen, L.R.: Serpent: a new block cipher proposal. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, p. 222. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  12. 12.
    Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991)Google Scholar
  13. 13.
    Biryukov, A., Roy, A., Velichkov, V.: Differential analysis of block ciphers SIMON and SPECK. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 546–570. Springer, Heidelberg (2015)Google Scholar
  14. 14.
    Bogdanov, A.A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    Chen, H., Wang, X.: Improved linear hull attack on round-reduced SIMON with dynamic key-guessing techniques. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 428–449. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-52993-5_22 CrossRefGoogle Scholar
  16. 16.
    Daemen, J.: Cipher and hash function design strategies based on linear and differential cryptanalysis. Ph.D. thesis, Doctoral Dissertation, KU Leuven, March 1995Google Scholar
  17. 17.
    Daemen, J., Lamberger, M., Pramstaller, N., Rijmen, V., Vercauteren, F.: Computational aspects of the expected differential probability of 4-round AES and AES-like ciphers. Computing 85(1–2), 85–104 (2009)MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    Daemen, J., Rijmen, V.: AES Proposal: Rjindael (1998).
  19. 19.
    Grassl, M.: Bounds on the minimum distance of linear codes and quantum codes (2007). Accessed 15 Feb 2016
  20. 20.
    Kölbl, S., Leander, G., Tiessen, T.: Observations on the SIMON block cipher family. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 161–185. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  21. 21.
    Kondo, K., Sasaki, Y., Iwata, T.: On the design rationale of SIMON block cipher: integral attacks and impossible differential attacks against SIMON variants. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 518–536. Springer, Heidelberg (2016). doi: 10.1007/978-3-319-39555-5_28 CrossRefGoogle Scholar
  22. 22.
    Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  23. 23.
    Mouha, N., Wang, Q., Gu, D., Preneel, B.: Differential and linear cryptanalysis using mixed-integer linear programming. In: Wu, C.-K., Yung, M., Lin, D. (eds.) Inscrypt 2011. LNCS, vol. 7537, pp. 57–76. Springer, Heidelberg (2012)Google Scholar
  24. 24.
    Nyberg, K., Knudsen, L.: Provable security against a differential attack. J. Cryptol. 8(1), 27–37 (1995)MathSciNetCrossRefzbMATHGoogle Scholar
  25. 25.
    PUB FIPS. 197: Advanced encryption standard (AES), National Institute of Standards and Technology (2001).
  26. 26.
    Shannon, C.E.: Communication theory of secrecy systems. Bell Syst. Tech. J. 28(4), 656–715 (1949)MathSciNetCrossRefzbMATHGoogle Scholar
  27. 27.
    Shirai, T., Preneel, B.: On Feistel ciphers using optimal diffusion mappings across multiple rounds. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 1–15. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  28. 28.
    Shirai, T., Shibutani, K.: Improving immunity of Feistel ciphers against differential cryptanalysis by using multiple MDS matrices. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 260–278. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  29. 29.
    Sun, S., Hu, L., Wang, P., Qiao, K., Ma, X., Song, L.: Automatic security evaluation and (related-key) differential characteristic search: application to SIMON, PRESENT, LBlock, DES(L) and other bit-oriented block ciphers. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 158–178. Springer, Heidelberg (2014)Google Scholar
  30. 30.
    Todo, Y., Morii, M.: Bit-based division property and application to SIMON family. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 357–377. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-52993-5_18 CrossRefGoogle Scholar
  31. 31.
    Wang, N., Wang, X., Jia, K., Zhao, J.: Differential attacks on reduced SIMON versions with dynamic key-guessing techniques. Cryptology ePrint Archive, Report 2014/448 (2014).
  32. 32.
    Wang, Q., Liu, Z., Varıcı, K., Sasaki, Y., Rijmen, V., Todo, Y.: Cryptanalysis of reduced-round SIMON32 and SIMON48. In: Meier, W., Mukhopadhyay, D. (eds.) INDOCRYPT 2014. LNCS, vol. 8885, pp. 143–160. Springer International Publishing, Heidelberg (2014)Google Scholar
  33. 33.
    Yang, G., Zhu, B., Suder, V., Aagaard, M.D., Gong, G.: The Simeck family of lightweight block ciphers. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 307–329. Springer, Heidelberg (2015)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Horst Görtz Institute for IT SecurityRuhr-Universität BochumBochumGermany

Personalised recommendations