Improved Linear Hull Attack on Round-Reduced Simon with Dynamic Key-Guessing Techniques

Simon is a lightweight block cipher family proposed by the NSA in 2013. It has drawn the attention of many cryptanalysts, and a variety of cryptanalysis results have been published, including differential, linear, impossible differential and integral cryptanalysis. In this paper, we give improved linear attacks on all reduced versions of Simon using the dynamic key-guessing technique, which was recently proposed to improve the differential attack on Simon. By establishing the boolean function of the parity bit in the linear hull distinguisher and reducing that function according to the property of the AND operation, we can guess different subkeys or equivalent subkeys in different situations, which decreases the number of key bits involved in the attack and further decreases the time complexity. As a result, 23-round Simon32/64, 24-round Simon48/72, 25-round Simon48/96, 30-round Simon64/96, 31-round Simon64/128, 37-round Simon96/96, 38-round Simon96/144, 49-round Simon128/128, 51-round Simon128/192 and 53-round Simon128/256 can be attacked. As far as we know, our attacks on most reduced versions of Simon are the best compared with previous cryptanalysis results. However, this does not shake the security of the full-round Simon family.
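The following Python is an added illustration, not code from the paper, of the AND property the abstract relies on. It takes one output bit of the Simon32 round function (word size 16, bit position j=5 chosen arbitrarily, and a single bit rather than the full masked parity bit as a simplification) and checks exhaustively that, once one subkey bit entering the AND is guessed, the two remaining involved subkey bits only enter linearly and therefore never have to be enumerated.

```python
"""Added example (not from the paper): why the AND in Simon's round
function lets a linear attack guess one subkey bit instead of three."""
from itertools import product
import random

N = 16  # word size of Simon32 (the other variants only change N)
MASK = (1 << N) - 1

def rotl(x, r):
    return ((x << r) | (x >> (N - r))) & MASK

def simon_f(x):
    # Simon round function: f(x) = (S^1(x) & S^8(x)) ^ S^2(x)
    return (rotl(x, 1) & rotl(x, 8)) ^ rotl(x, 2)

def bit(x, i):
    return (x >> (i % N)) & 1

def involved_bits(j):
    # Bit j of f(x) is (x_{j-1} & x_{j-8}) ^ x_{j-2}: two AND inputs, one linear
    return (j - 1) % N, (j - 8) % N, (j - 2) % N

def full_parity(c, k, j):
    """Bit j of f(c ^ k): the last-round term that enters the parity bit of a
    linear hull once the final subkey word k is xored into ciphertext word c.
    Naively, k_{j-1}, k_{j-8} and k_{j-2} would all have to be guessed."""
    return bit(simon_f(c ^ k), j)

def reduced_parity(c, j, k_a, s0, s1):
    """Same bit, rewritten with the AND property. k_a = k_{j-1} is the only bit
    guessed; s0 = k_{j-2} and s1 = k_{j-8} ^ k_{j-2} enter linearly, so in the
    attack they only flip the sign of the measured bias ("equivalent subkey")."""
    a, b, l = involved_bits(j)
    if bit(c, a) ^ k_a == 0:
        return bit(c, l) ^ s0              # x_a = 0: the AND term vanishes
    return bit(c, b) ^ bit(c, l) ^ s1      # x_a = 1: the AND term is c_b ^ k_b

def count_mismatches(j, seed=1):
    """Check, over every ciphertext word and every setting of the three
    involved key bits, that the reduced function equals the full one."""
    a, b, l = involved_bits(j)
    rng = random.Random(seed)  # the other key bits are constructed noise
    mismatches = 0
    for ka, kb, kl in product((0, 1), repeat=3):
        k = rng.getrandbits(N) & ~((1 << a) | (1 << b) | (1 << l)) & MASK
        k |= (ka << a) | (kb << b) | (kl << l)
        for c in range(1 << N):
            if full_parity(c, k, j) != reduced_parity(c, j, ka, kl, kb ^ kl):
                mismatches += 1
    return mismatches

if __name__ == "__main__":
    print("mismatches:", count_mismatches(j=5))  # 0: one guessed bit suffices
```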
