International Association for Cryptologic Research


IACR News item: 21 April 2014

Harshal Tupsamudre, Shikha Bisht, Debdeep Mukhopadhyay
ePrint Report
In 2013, the US National Security Agency proposed two new families of lightweight block ciphers: SIMON and SPECK. However, no security analysis was provided for these ciphers. Currently, linear and differential cryptanalytic results for SIMON ciphers are available in the literature, but no fault attacks on these two cipher families have been reported so far. In this paper, we present the first fault attack on the SIMON and SPECK families. The attack assumes a fault model that can flip only one bit of the intermediate result. Using this attack, the n-bit secret key used in the SIMON cipher can be recovered using (n/2) bit faults on average, while the n-bit secret key of the SPECK cipher can be recovered using (n/3) bit faults. Furthermore, we demonstrate a more practical attack on SIMON that employs a random byte fault model. This attack retrieves multiple bits of the key depending upon the Hamming weight of the byte fault. The average number of byte faults required to retrieve all n bits of the last round key is (n/8).
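As an added illustration (example code, not from the paper or from the IACR page), the following Python models the SIMON round function for 16-bit words, the two fault models the abstract names (a single flipped bit, and a random byte XORed into the intermediate result), and the redundant-computation check a defender would use to detect such faults before a faulty ciphertext is released. The round key, state words and fault positions are constructed values; no key schedule and no key-recovery step is included.

```python
# Added example: SIMON round function, the abstract's fault models, and a
# redundant-computation fault check. Constructed values throughout.
WORD = 16                      # word size of SIMON32 (two 16-bit words per block)
MASK = (1 << WORD) - 1


def rotl(x: int, r: int) -> int:
    """Rotate a WORD-bit value left by r positions."""
    r %= WORD
    return ((x << r) | (x >> (WORD - r))) & MASK


def simon_f(x: int) -> int:
    """SIMON nonlinear function: (S^1(x) & S^8(x)) ^ S^2(x)."""
    return (rotl(x, 1) & rotl(x, 8)) ^ rotl(x, 2)


def simon_round(left: int, right: int, k: int) -> tuple:
    """One Feistel round: (L, R) -> (R ^ f(L) ^ k, L)."""
    return (right ^ simon_f(left) ^ k) & MASK, left


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def flip_bit(word: int, pos: int) -> int:
    """Single-bit fault model: flip exactly one bit of an intermediate word."""
    return word ^ (1 << pos)


def inject_byte_fault(word: int, byte_index: int, fault_byte: int) -> int:
    """Random-byte fault model: XOR a byte into one byte of the intermediate word.
    The number of intermediate bits flipped equals the Hamming weight of fault_byte."""
    return word ^ ((fault_byte & 0xFF) << (8 * byte_index))


def last_round_fault_distance(left: int, right: int, k: int, fault_bit: int) -> int:
    """Hamming distance between the correct and the faulty last-round output when
    one bit of the left input word is flipped. The flipped bit is copied straight
    into the right output and reaches the left output through S^2 and, depending on
    the neighbouring bits of the word, through the AND term."""
    good_l, good_r = simon_round(left, right, k)
    bad_l, bad_r = simon_round(flip_bit(left, fault_bit), right, k)
    return hamming_weight(good_l ^ bad_l) + hamming_weight(good_r ^ bad_r)


def checked_last_round(left: int, right: int, k: int, fault_bit=None) -> tuple:
    """Redundant-computation countermeasure: compute the round twice and release
    the output only if both results agree. fault_bit (constructed) simulates a
    single-bit fault hitting the second computation. Returns (output, detected)."""
    first = simon_round(left, right, k)
    faulted_left = left if fault_bit is None else flip_bit(left, fault_bit)
    second = simon_round(faulted_left, right, k)
    if first != second:
        return None, True          # fault detected; no ciphertext released
    return first, False


if __name__ == "__main__":
    # Constructed state words and round key; not a real SIMON key schedule.
    L, R, K = 0x1234, 0xABCD, 0x0F0F
    print("correct round output:", [hex(w) for w in simon_round(L, R, K)])
    print("bits changed by a single-bit fault at bit 5:",
          last_round_fault_distance(L, R, K, 5))
    print("redundant check without fault:", checked_last_round(L, R, K))
    print("redundant check with fault:", checked_last_round(L, R, K, fault_bit=5))
    byte_fault = 0xA5
    flipped = inject_byte_fault(L, 1, byte_fault) ^ L
    print("byte fault 0x%02x flips %d intermediate bits" % (byte_fault, hamming_weight(flipped)))
```

The check models the simplest detection strategy against both fault models in the abstract: any disagreement between the two computations withholds the ciphertext, so an attacker never sees the faulty output that the differential analysis needs. The byte-fault helper makes the abstract's Hamming-weight dependence concrete: a byte fault of weight w flips exactly w bits of the intermediate word.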

