Cryptanalysis of Reduced-Round SIMON32 and SIMON48

SIMON family is one of the recent lightweight block cipher designs introduced by NSA. So far there have been several cryptanalytic results on this cipher by means of differential, linear and impossible differential cryptanalysis. In this paper, we study the security of SIMON32, SIMON48/72 and SIMON48/96 by using integral, zero-correlation linear and impossible differential cryptanalysis. Firstly, we present a novel experimental approach to construct the best known integral distinguishers of SIMON32. The small block size, 32 bits, of SIMON32 enables us to experimentally find a 15-round integral distinguisher, based on which we present a key recovery attack on 21-round SIMON32, while previous best results only achieved 19 rounds. Moreover, we attack 20-round SIMON32, 20-round SIMON48/72 and 21-round SIMON48/96 based on 11 and 12-round zero-correlation linear hulls of SIMON32 and SIMON48 respectively. Finally, we propose new impossible differential attacks which improve the previous impossible differential attacks. Our analysis shows that SIMON maintains enough security margin.

[1]  Jason Smith,et al.  SIMON and SPECK: Block Ciphers for the Internet of Things , 2015, IACR Cryptol. ePrint Arch..

[2]  Kyoji Shibutani,et al.  Piccolo: An Ultra-Lightweight Blockcipher , 2011, CHES.

[3]  Stefan Lucks,et al.  Differential Cryptanalysis of Round-Reduced Simon and Speck , 2014, FSE.

[4]  Vincent Rijmen,et al.  Linear hulls with correlation zero and linear cryptanalysis of block ciphers , 2014, Des. Codes Cryptogr..

[5]  Andrey Bogdanov,et al.  Integral and Multidimensional Linear Distinguishers with Correlation Zero , 2012, ASIACRYPT.

[6]  Nasour Bagheri,et al.  Linear Cryptanalysis of Round Reduced SIMON , 2013, IACR Cryptol. ePrint Arch..

[7]  Yu Sasaki,et al.  Bitwise Partial-Sum on HIGHT: A New Tool for Integral Analysis Against ARX Designs , 2013, ICISC.

[8]  Alex Biryukov,et al.  Automatic Search for Differential Trails in ARX Ciphers , 2014, CT-RSA.

[9]  Chae Hoon Lim,et al.  mCrypton - A Lightweight Block Cipher for Security of Low-Cost RFID Tags and Sensors , 2005, WISA.

[10]  Kazuhiko Minematsu,et al.  $\textnormal{\textsc{TWINE}}$ : A Lightweight Block Cipher for Multiple Platforms , 2012, Selected Areas in Cryptography.

[11]  Alex Biryukov,et al.  Differential Analysis of Block Ciphers SIMON and SPECK , 2014, FSE.

[12]  Matt Henricksen,et al.  EPCBC - A Block Cipher Suitable for Electronic Product Code Encryption , 2011, CANS.

[13]  Tsuyoshi Takagi,et al.  Cryptographic Hardware and Embedded Systems - CHES 2011 - 13th International Workshop, Nara, Japan, September 28 - October 1, 2011. Proceedings , 2011, CHES.

[14]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[15]  Jean-Didier Legat,et al.  ICEBERG : An Involutional Cipher Efficient for Block Encryption in Reconfigurable Hardware , 2004, FSE.

[16]  Carlo Harpes,et al.  A Generalization of Linear Cryptanalysis and the Applicability of Matsui's Piling-Up Lemma , 1995, EUROCRYPT.

[17]  Keting Jia,et al.  Improved Differential Attacks on Reduced SIMON Versions , 2014, IACR Cryptol. ePrint Arch..

[18]  Stefan Lucks,et al.  Differential and Linear Cryptanalysis of Reduced-Round Simon Revision From October 9 , 2013 , 2013 .

[19]  David A. Wagner,et al.  Integral Cryptanalysis , 2002, FSE.

[20]  Thomas Peyrin,et al.  The LED Block Cipher , 2011, IACR Cryptol. ePrint Arch..

[21]  Bruce Schneier,et al.  Improved Cryptanalysis of Rijndael , 2000, FSE.

[22]  Anne Canteaut,et al.  PRINCE - A Low-Latency Block Cipher for Pervasive Computing Applications - Extended Abstract , 2012, ASIACRYPT.

[23]  Hoda AlKhzaimi,et al.  Cryptanalysis of the SIMON Family of Block Ciphers , 2013, IACR Cryptol. ePrint Arch..

[24]  Yu Sasaki,et al.  Meet-in-the-Middle Technique for Integral Attacks against Feistel Ciphers , 2012, Selected Areas in Cryptography.

[25]  Kazue Sako,et al.  Advances in cryptology -- ASIACRYPT 2012 : 18th International Conference on the Theory and Application of Cryptology and Information Security, Beijing, China, December 2-6 2012 : proceedings , 2012 .

[26]  Vincent Rijmen,et al.  The Block Cipher Square , 1997, FSE.

[27]  Eli Biham,et al.  Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials , 1999 .

[28]  Jongsung Kim,et al.  HIGHT: A New Block Cipher Suitable for Low-Resource Device , 2006, CHES.

[29]  Andrey Bogdanov,et al.  On the (In)Equivalence of Impossible Differential and Zero-Correlation Distinguishers for Feistel- and Skipjack-Type Ciphers , 2014, ACNS.

[30]  Yee Wei Law,et al.  KLEIN: A New Family of Lightweight Block Ciphers , 2010, RFIDSec.

[31]  Jason Smith,et al.  The SIMON and SPECK Families of Lightweight Block Ciphers , 2013, IACR Cryptol. ePrint Arch..

[32]  Christophe De Cannière,et al.  KATAN and KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers , 2009, CHES.