Cryptanalysis of SIMON variants with connections

Javad Alizadeh, Hoda Alkhzaimi, Mohammad Reza Aref, Nasour Bagheri, Praveen Gauravaram, Abhishek Kumar, Martin M. Lauridsen, Somitra Kumar Sanadhya

Research output: Contribution to journalArticle

Abstract

Abstract. SIMON is a family of 10 lightweight block ciphers published by Beaulieu et al. from the United States National Security Agency (NSA). A cipher in this family with K-bit key and N-bit block is called SIMONN/K. We present several linear characteristics for reduced-round SIMON32/64 that can be used for a key-recovery attack and extend them further to attack other variants of SIMON. Moreover, we provide results of key recovery analysis using several impossible differential characteristics starting from 14 out of 32 rounds for SIMON32/64 to 22 out of 72 rounds for SIMON128/256. In some cases the presented observations do not directly yield an attack, but provide a basis for further analysis for the specific SIMON variant. Finally, we exploit a connection between linear and differential characteristics for SIMON to construct linear characteristics for different variants of reduced-round SIMON. Our attacks extend to all variants of SIMON covering more rounds compared to any known results using linear cryptanalysis. We present a key recovery attack against SIMON128/256 which covers 35 out of 72 rounds with data complexity 2123. We have implemented our attacks for small scale variants of SIMON and our experiments confirm the theoretical bias presented in this work.

Fingerprint

Cryptanalysis
Attack
Key Recovery
Recovery
National security
Linear Cryptanalysis
Data Complexity
Block Ciphers
Covering
Experiments
Cover
Experiment

Keywords

  • Feistel
  • Impossible differential cryptanalysis
  • Lightweight
  • Linear cryptanalysis
  • RFID
  • Rotational cryptanalysis
  • SIMON
  • Weak keys

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Cryptanalysis of SIMON variants with connections. / Alizadeh, Javad; Alkhzaimi, Hoda; Aref, Mohammad Reza; Bagheri, Nasour; Gauravaram, Praveen; Kumar, Abhishek; Lauridsen, Martin M.; Sanadhya, Somitra Kumar.

In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 8651, 01.01.2014, p. 90-107.

Research output: Contribution to journalArticle

Alizadeh, Javad ; Alkhzaimi, Hoda ; Aref, Mohammad Reza ; Bagheri, Nasour ; Gauravaram, Praveen ; Kumar, Abhishek ; Lauridsen, Martin M. ; Sanadhya, Somitra Kumar. / Cryptanalysis of SIMON variants with connections. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2014 ; Vol. 8651. pp. 90-107.
@article{54c48532f06a474e9fef2f6fc81ae4d7,
title = "Cryptanalysis of SIMON variants with connections",
abstract = "Abstract. SIMON is a family of 10 lightweight block ciphers published by Beaulieu et al. from the United States National Security Agency (NSA). A cipher in this family with K-bit key and N-bit block is called SIMONN/K. We present several linear characteristics for reduced-round SIMON32/64 that can be used for a key-recovery attack and extend them further to attack other variants of SIMON. Moreover, we provide results of key recovery analysis using several impossible differential characteristics starting from 14 out of 32 rounds for SIMON32/64 to 22 out of 72 rounds for SIMON128/256. In some cases the presented observations do not directly yield an attack, but provide a basis for further analysis for the specific SIMON variant. Finally, we exploit a connection between linear and differential characteristics for SIMON to construct linear characteristics for different variants of reduced-round SIMON. Our attacks extend to all variants of SIMON covering more rounds compared to any known results using linear cryptanalysis. We present a key recovery attack against SIMON128/256 which covers 35 out of 72 rounds with data complexity 2123. We have implemented our attacks for small scale variants of SIMON and our experiments confirm the theoretical bias presented in this work.",
keywords = "Feistel, Impossible differential cryptanalysis, Lightweight, Linear cryptanalysis, RFID, Rotational cryptanalysis, SIMON, Weak keys",
author = "Javad Alizadeh and Hoda Alkhzaimi and Aref, {Mohammad Reza} and Nasour Bagheri and Praveen Gauravaram and Abhishek Kumar and Lauridsen, {Martin M.} and Sanadhya, {Somitra Kumar}",
year = "2014",
month = "1",
day = "1",
doi = "10.1007/978-3-319-13066-8_6",
language = "English (US)",
volume = "8651",
pages = "90--107",
journal = "Lecture Notes in Computer Science",
issn = "0302-9743",
publisher = "Springer Verlag",

}

TY - JOUR

T1 - Cryptanalysis of SIMON variants with connections

AU - Alizadeh, Javad

AU - Alkhzaimi, Hoda

AU - Aref, Mohammad Reza

AU - Bagheri, Nasour

AU - Gauravaram, Praveen

AU - Kumar, Abhishek

AU - Lauridsen, Martin M.

AU - Sanadhya, Somitra Kumar

PY - 2014/1/1

Y1 - 2014/1/1

N2 - Abstract. SIMON is a family of 10 lightweight block ciphers published by Beaulieu et al. from the United States National Security Agency (NSA). A cipher in this family with K-bit key and N-bit block is called SIMONN/K. We present several linear characteristics for reduced-round SIMON32/64 that can be used for a key-recovery attack and extend them further to attack other variants of SIMON. Moreover, we provide results of key recovery analysis using several impossible differential characteristics starting from 14 out of 32 rounds for SIMON32/64 to 22 out of 72 rounds for SIMON128/256. In some cases the presented observations do not directly yield an attack, but provide a basis for further analysis for the specific SIMON variant. Finally, we exploit a connection between linear and differential characteristics for SIMON to construct linear characteristics for different variants of reduced-round SIMON. Our attacks extend to all variants of SIMON covering more rounds compared to any known results using linear cryptanalysis. We present a key recovery attack against SIMON128/256 which covers 35 out of 72 rounds with data complexity 2123. We have implemented our attacks for small scale variants of SIMON and our experiments confirm the theoretical bias presented in this work.

AB - Abstract. SIMON is a family of 10 lightweight block ciphers published by Beaulieu et al. from the United States National Security Agency (NSA). A cipher in this family with K-bit key and N-bit block is called SIMONN/K. We present several linear characteristics for reduced-round SIMON32/64 that can be used for a key-recovery attack and extend them further to attack other variants of SIMON. Moreover, we provide results of key recovery analysis using several impossible differential characteristics starting from 14 out of 32 rounds for SIMON32/64 to 22 out of 72 rounds for SIMON128/256. In some cases the presented observations do not directly yield an attack, but provide a basis for further analysis for the specific SIMON variant. Finally, we exploit a connection between linear and differential characteristics for SIMON to construct linear characteristics for different variants of reduced-round SIMON. Our attacks extend to all variants of SIMON covering more rounds compared to any known results using linear cryptanalysis. We present a key recovery attack against SIMON128/256 which covers 35 out of 72 rounds with data complexity 2123. We have implemented our attacks for small scale variants of SIMON and our experiments confirm the theoretical bias presented in this work.

KW - Feistel

KW - Impossible differential cryptanalysis

KW - Lightweight

KW - Linear cryptanalysis

KW - RFID

KW - Rotational cryptanalysis

KW - SIMON

KW - Weak keys

UR - http://www.scopus.com/inward/record.url?scp=84911907668&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84911907668&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-13066-8_6

DO - 10.1007/978-3-319-13066-8_6

M3 - Article

AN - SCOPUS:84911907668

VL - 8651

SP - 90

EP - 107

JO - Lecture Notes in Computer Science

JF - Lecture Notes in Computer Science

SN - 0302-9743

ER -