Impossible Differential Cryptanalysis of Reduced Round SIMON

SIMON is a lightweight block cipher introduced by the NSA, and it has attracted a lot of attention since its publication in 2013. There have been numerous attacks on SIMON, including linear, differential, impossible differential, and zero-correlation linear hull cryptanalysis. The SIMON family has 10 versions with different block sizes and key sizes to satisfy various security requirements. In this paper, we use an automatic search technique to obtain the longest impossible differential paths of SIMON, and then we propose impossible differential attacks. We give the detailed process of the attacks on SIMON32/64. When constructing structures, we exploit the connection between the plaintext and the output difference of the first round, which is independent of key bits. By building and solving equations for the second round, we obtain plaintext pairs that satisfy the bit conditions of the first round, which greatly reduces the complexity of the data collection phase. In the key recovery phase, we use the dynamic key-guessing technique proposed by Wang, combined with bit properties, to determine the exact bit difference conditions. This reduces the time complexity and improves on previous results of impossible differential attacks on SIMON.
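The key-independence of the first-round output difference can be checked directly. The following is an added example, not code from the paper: it uses the public SIMON round function with 16-bit words (SIMON32/64), and the helper names, the input difference (0x0001, 0x0000) and the sample plaintexts are assumptions constructed for illustration.

```python
import random

WORD = 16                  # SIMON32/64 works on two 16-bit words
MASK = (1 << WORD) - 1

def rol(x, r):
    """Rotate a WORD-bit value left by r bits."""
    return ((x << r) | (x >> (WORD - r))) & MASK

def f(x):
    """SIMON's non-linear function: (x<<<1 & x<<<8) ^ (x<<<2)."""
    return (rol(x, 1) & rol(x, 8)) ^ rol(x, 2)

def simon_round(left, right, k):
    """One SIMON round: (L, R) -> (R ^ f(L) ^ k, L)."""
    return (right ^ f(left) ^ k) & MASK, left

def predicted_diff(p, q):
    """Round-1 output difference computed from the two plaintexts only."""
    return p[1] ^ q[1] ^ f(p[0]) ^ f(q[0]), p[0] ^ q[0]

def observed_diff(p, q, k):
    """Round-1 output difference actually produced under round key k."""
    a, b = simon_round(*p, k), simon_round(*q, k)
    return a[0] ^ b[0], a[1] ^ b[1]

def value_dependent_mask(d):
    """Bits of f(L) ^ f(L ^ d) that depend on L's value, not only on d."""
    return rol(d, 1) | rol(d, 8)

def select_pairs(plaintexts, in_diff, want_left):
    """Keep pairs (P, P ^ in_diff) whose round-1 left difference is want_left.
    No key material is used: the filter runs before any encryption query."""
    dl, dr = in_diff
    out = []
    for l, r in plaintexts:
        q = (l ^ dl, r ^ dr)
        if predicted_diff((l, r), q)[0] == want_left:
            out.append(((l, r), q))
    return out

if __name__ == "__main__":
    rng = random.Random(0)  # constructed sample data
    pts = [(rng.randrange(1 << WORD), rng.randrange(1 << WORD)) for _ in range(4096)]
    pairs = select_pairs(pts, (0x0001, 0x0000), 0x0004)
    keys = [rng.randrange(1 << WORD) for _ in range(8)]
    ok = all(observed_diff(p, q, k) == (0x0004, 0x0001) for p, q in pairs for k in keys)
    print(len(pairs), "pairs kept; condition holds under every key:", ok)
```

Because the round key is XORed in after the non-linear function, it cancels in the difference, so the filter in `select_pairs` discards non-conforming plaintext pairs without guessing any key bits.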
