Cryptanalysis of SIMON variants with connections

Javad Alizadeh, Hoda A. Alkhzaimi, Mohammad Reza Aref, Nasour Bagheri, Praveen Gauravaram, Abhishek Kumar, Martin M. Lauridsen, Somitra Kumar Sanadhya

Research output: Contribution to journalArticle

Abstract

Abstract. SIMON is a family of 10 lightweight block ciphers published by Beaulieu et al. from the United States National Security Agency (NSA). A cipher in this family with K-bit key and N-bit block is called SIMONN/K. We present several linear characteristics for reduced-round SIMON32/64 that can be used for a key-recovery attack and extend them further to attack other variants of SIMON. Moreover, we provide results of key recovery analysis using several impossible differential characteristics starting from 14 out of 32 rounds for SIMON32/64 to 22 out of 72 rounds for SIMON128/256. In some cases the presented observations do not directly yield an attack, but provide a basis for further analysis for the specific SIMON variant. Finally, we exploit a connection between linear and differential characteristics for SIMON to construct linear characteristics for different variants of reduced-round SIMON. Our attacks extend to all variants of SIMON covering more rounds compared to any known results using linear cryptanalysis. We present a key recovery attack against SIMON128/256 which covers 35 out of 72 rounds with data complexity 2123. We have implemented our attacks for small scale variants of SIMON and our experiments confirm the theoretical bias presented in this work.

    Fingerprint

Keywords

  • Feistel
  • Impossible differential cryptanalysis
  • Lightweight
  • Linear cryptanalysis
  • RFID
  • Rotational cryptanalysis
  • SIMON
  • Weak keys

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this