Improved Linear Trails for the Block Cipher Simon

Simon is a family of block ciphers designed by the NSA and published in 2013. Because of their simple structure, and because the specification lacked a security design rationale, the ciphers have been the subject of much cryptanalytic work, especially using differential and linear cryptanalysis. We improve previously published linear trail bias estimates by presenting a novel method to calculate the bias of short linear hulls in Simon, and we use these hulls to construct longer linear approximations. With these linear approximations we present key recovery attacks on up to 25 rounds of Simon64/128, 24 rounds of Simon32/64, Simon48/96, and Simon64/96, and 23 rounds of Simon48/72. The attacks on Simon32 and Simon48 are currently the best attacks on these versions. The attacks on Simon64 do not cover as many rounds as attacks using differential cryptanalysis, but they work in the more natural setting of known plaintexts rather than chosen plaintexts.
