This paper presents differential attacks of round-reduced ver-we consider in brief related-key rectangle, impossible-differential, and also linear attacks. While all our attacks are completely academic, they demonstrate the drawback of the intensive optimizations in Simon.
In this paper, we analyze the resistance of the lightweight ciphers PRESENT, LED, and KLEIN to biclique attacks. Primarily, we describe attacks on the full-round versions PRESENT-80, In addition, we consider attacks on round-reduced versions of PRESENT and LED, to show the security margin for which an adversary can obtain an advantage of at least a factor…
PRINCE is a modern involutive lightweight cipher which was proposed by Rechberger et al. in 2012. PRINCE uses a 64-bit core cipher, PRINCEcore, which holds the major encryption logic and is wrapped by two key additions. Thus, the security of the cipher depends mainly on the security properties of the core. In this paper, we present an…
Correct authenticated decryption requires the receiver to buffer the decrypted message until the authenticity check has been performed. In high-speed networks, which must handle large message frames at low latency, this behavior becomes practically infeasible. This paper proposes CCA-secure on-line ciphers as a practical alternative to AE schemes since the…
In this paper, we propose the first full-round attacks on the PRESENT and LED lightweight ciphers. In our attacks, we use the independent-biclique approach which has been developed recently. The proposed attacks on PRESENT-80 and PRESENT-128 require 2^60 and 2^44 chosen plaintexts, and have time complexities of 2^79.46 and 2^127.37 respectively. Our attacks…
In this paper we introduce Janus, a software framework – written in Java – which is built to provide assistance in finding independent-biclique attacks for a user-chosen set of parameters, e.g., the number of rounds and dimension of the biclique. Given a certain cipher, Janus not only finds an optimal bipartite graph (biclique), but also provides an…
In June 2013 the U.S. National Security Agency proposed two families of ultra-lightweight block ciphers, called Simon and Speck. In this paper we present the first cryptanalysis of round-reduced versions of Simon. We mount differential distinguishers and key-recovery attacks and 128-bit versions, respectively. Furthermore, we briefly consider…
Simon and Speck are two families of ultra-lightweight block ciphers which were announced by the U.S. National Security Agency in June 2013. Yet, the specification discusses only the design and the performance of both cipher families and the task of analyzing their security has been left to the were proposed by the U.S. National Security Agency in June 2013.…