International Association for Cryptologic Research


IACR News item: 05 July 2015

Huaifeng Chen, Xiaoyun Wang
ePrint Report
Simon is a lightweight block cipher family proposed by the NSA in 2013. It has drawn many cryptanalysts' attention, and a variety of cryptanalysis results have been published, including differential, linear, impossible differential and integral cryptanalysis.

In this paper, we give an improved linear attack on all versions of Simon using dynamic key-guessing techniques, which were recently proposed to improve the differential attack on Simon.

By establishing the Boolean function of the parity bit in the linear hull distinguisher and reducing that function according to the properties of the AND operation, we can guess different subkeys (or equivalent subkeys) in different situations, which decreases the number of key bits involved in the attack and, in a further step, the time complexity.

As a result, 23-round Simon32/64, 24-round Simon48/72, 25-round Simon48/96, 30-round Simon64/96, 31-round Simon64/128, 37-round Simon96/96, 38-round Simon96/144, 49-round Simon128/128, 51-round Simon128/192 and 53-round Simon128/256 can be attacked.

The linear attacks on most versions of Simon are the best attacks among all cryptanalysis results on these variants known up to now. However, this does not shake the security of the Simon family with full rounds.
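As an added illustration (not code from the paper or its authors), the following implements Simon32/64 and a toy version of the key-guess reduction the abstract describes: the round function's only non-linear part is an AND, so when one AND input (data XOR subkey bit) is 0 the other input's subkey bit need not be guessed. The counter and evaluation bookkeeping in `and_term_counters` is my own simplification of the idea for a single round term, not the paper's attack procedure.

```python
# Simon32/64 (16-bit words, 4 key words, 32 rounds) plus a one-term demo of AND-based key-guess reduction.
N, MASK, ROUNDS = 16, 0xFFFF, 32
Z0 = "11111010001001010110000111001101111101000100101011000011100110"

def rol(x, r):
    return ((x << r) | (x >> (N - r))) & MASK

def ror(x, r):
    return ((x >> r) | (x << (N - r))) & MASK

def f(x):
    # The only non-linear part of the round: an AND of two rotations of x.
    return (rol(x, 1) & rol(x, 8)) ^ rol(x, 2)

def key_schedule(key):
    # key = [k3, k2, k1, k0] as printed in the Simon spec, most significant word first
    k = list(reversed(key))
    for i in range(4, ROUNDS):
        tmp = ror(k[i - 1], 3) ^ k[i - 3]
        tmp ^= ror(tmp, 1)
        k.append((~k[i - 4] & MASK) ^ tmp ^ int(Z0[(i - 4) % 62]) ^ 3)
    return k

def encrypt(x, y, key):
    for ki in key_schedule(key):
        x, y = y ^ f(x) ^ ki, x   # Feistel step: new left = right ^ f(left) ^ subkey
    return x, y

def bit(x, i):
    return (x >> (i % N)) & 1

def and_term_counters(xs, i, dynamic):
    # Bit i of f(x ^ K) contains (x[i-1]^K[i-1]) & (x[i-8]^K[i-8]) ^ x[i-2], K = subkey.
    # Both strategies count, per guess (K[i-1], K[i-8]), how often that bit is 1 over xs.
    # Static: 4 evaluations per sample. Dynamic: K[i-8] is guessed only when
    # x[i-1]^K[i-1] == 1, since otherwise the AND is 0 whatever K[i-8] is.
    counters = {(k1, k2): 0 for k1 in (0, 1) for k2 in (0, 1)}
    evaluations = 0
    for x in xs:
        a, b, c = bit(x, i - 1), bit(x, i - 8), bit(x, i - 2)
        for k1 in (0, 1):
            if dynamic and a ^ k1 == 0:
                evaluations += 1          # one evaluation settles both K[i-8] guesses
                counters[(k1, 0)] += c
                counters[(k1, 1)] += c
            else:
                for k2 in (0, 1):
                    evaluations += 1
                    counters[(k1, k2)] += ((a ^ k1) & (b ^ k2)) ^ c
    return counters, evaluations
```

The cipher is checked against the Simon32/64 test vector from the designers' specification (constructed sample data is used for the counter demo).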

