• Corpus ID: 16275012

Differential and Linear Cryptanalysis of Reduced-Round Simon Revision From October 9 , 2013

  title={Differential and Linear Cryptanalysis of Reduced-Round Simon Revision From October 9 , 2013},
  author={Farzaneh Abed and Eik List and Stefan Lucks and Jakob Wenzel},
This paper presents differential attacks of round-reduced versions of Simon with up to 18/32, 19/36, 25/44, 35/54, and 46/72 rounds for the 32-, 48-, 64-, 96-, and 128-bit versions, respectively. Furthermore, we consider in brief related-key rectangle, impossible-differential, and also linear attacks. While all our attacks are completely academic, they demonstrate the drawback of the intensive optimizations in Simon. 

Figures and Tables from this paper

Improved Linear Hull Attack on Round-Reduced Simon with Dynamic Key-Guessing Techniques
The improved linear attacks on all reduced versions of Simon with dynamic key-guessing technique, which was proposed to improve the differential attack on Simon recently, are given.
Cryptanalysis of Reduced-Round SIMON32 and SIMON48
This paper presents a novel experimental approach to construct the best known integral distinguishers of SIMON32, and proposes new impossible differential attacks which improve the previous impossibility differential attacks.
Zero-Correlation Linear Cryptanalysis of Reduced-Round SIMON
This paper mainly presents zero-correlation linear cryptanalysis on various versions of SIMON, and uses the divide-and-conquer technique to improve the results of linear crypt analysis proposed by Javad et al. in ePrint Report 2013/663.
Improved Impossible Differential Attacks against Round-Reduced LBlock
By applying this method, the best (non-exhaustive search like) cryptanalysis of this function in the single-key model is able to break 23 rounds of LBlock with time complexity $2^{75.36}$ and data complexity £2^{59}$.
Impossible Differential Cryptanalysis of Reduced Round SIMON
This paper uses automatic-search technique to obtain the longest impossible differential paths of SIMON, and then proposes impossible differential attacks on SIMON32/64, which can reduce the complexity of data collecting phase greatly.
Improved Linear Cryptanalysis of Round Reduced SIMON
This work presents a connection between linear characteristic and differential characteristic, multiple linear and differential and linear hull and differential, and employs it to adapt the current known results on differential cryptanalysis of SIMON to linear crypt analysis of this block cipher.
Improved Linear Trails for the Block Cipher Simon
  • T. Ashur
  • Computer Science, Mathematics
    IACR Cryptol. ePrint Arch.
  • 2015
This work improves previously published linear trail bias estimations by presenting a novel method to calculate the bias of short linear hulls in Simon and use them to construct longer linear approximations.
Improved differential attack on 30-round SIMON64
This paper uses a 23-round differential characteristic which was proposed by Itai et al in 2015 to construct a 30-round extended differential characteristized by adding 4 rounds on the top and 3 round on the bottom to improve the best results on SIMON64 by 1 round.
Combined algebraic and truncated differential cryptanalysis on reduced-round SIMON
Surprisingly, no key guessing is required if pairs which satisfy a strong truncated differential property are available and this reflects the power of combining truncated differentials with algebraic attacks in ciphers of low non-linearity and shows that such cipher require a large number of rounds to be secure.
Differential Analysis on Simeck and SIMON with Dynamic Key-Guessing Techniques
The dynamic key-guessing techniques are converted to a program that can automatically give out the data in dynamicKeyGuessing procedure and, with this tool, the differential security evaluation of SIMON and Simeck like block ciphers becomes very convenient.


Impossible Differential Cryptanalysis of Reduced-Round LBlock
This paper improves the impossible differential attack on 20-round LBlock given in the design paper of the LBlock cipher using relations between the round keys and uses the same 14-round impossible differential characteristic observed by the designers to attack on 21 rounds.
Amplified Boomerang Attacks Against Reduced-Round MARS and Serpent
A new cryptanalytic technique based on Wagner's boomerang and inside-out attacks is introduced, and its use on reduced-round variants of the MARS core and Serpent is demonstrated.
Differential Cryptanalysis of DES-like Cryptosystems
The Data Encryption Standard (DES) is the best known and most widely used cryptosystem for civilian applications. It was developed at IBM and adopted by the National Bureau of Standards in the mid
Linear Cryptanalysis Method for DES Cipher
  • M. Matsui
  • Computer Science, Mathematics
  • 1993
A new method is introduced for cryptanalysis of DES cipher, which is essentially a known-plaintext attack, that is applicable to an only-ciphertext attack in certain situations.
Algebraic Techniques in Differential Cryptanalysis
A new cryptanalytic method against block ciphers is proposed, which combines both algebraic and statistical techniques, and is applied to mount differential attacks against round reduced variants of Present-128.
Conditional Differential Cryptanalysis of Trivium and KATAN
The concept of conditional differential cryptanalysis has been applied to NLFSR-based cryptosystems at ASIACRYPT 2010 is improved by using automatic tools to find and analyze the involved conditions and new cryptanalytic results are obtained.
Practical Attack on 8 Rounds of the Lightweight Block Cipher KLEIN
Using an iterative collection of differential characteristics and neutral bits in plaintexts, this paper finds conforming pairs for four rounds with amortized cost below 212 encryptions, whereas at least 230 was expected by the preliminary analysis of KLEIN.
Cryptanalysis of LOKI91
  • L. Knudsen
  • Mathematics, Computer Science
  • 1992
It is shown that there is no characteristic with a probability high enough to do a successful differential attack on LokI 91 and a chosen plaintext attack is introduced that reduces an exhaustive key search on LOKI 91 by almost a factor 4 using 233+2 chosen plain Texts.
Computational aspects of the expected differential probability of 4-round AES and AES-like ciphers
Improve upon existing approaches in order to derive better bounds on the EDP for two and four rounds of AES based on a slightly simplified S-box and methods to improve the estimates for the E DP in the case of six active S-boxes are improved.
Differential Cryptanalysis of Feal and N-Hash
The applicability of differential cryptanalysis to the Feal family of encryption algorithms and to the N-Hash hash function is shown.