## Cryptology ePrint Archive: Report 2013/663

Linear Cryptanalysis of Round Reduced SIMON

Abstract: SIMON is a family of lightweight block ciphers that was proposed by U.S National Security Agency (NSA). A cipher in this family with $K$-bit key and $N$-bit block is called SIMON ${N}/{K}$. In this paper we analyze the security of SIMON against linear cryptanalysis. We present several linear characteristics for all variants of SIMON with reduced number of rounds. Our best linear characteristic covers SIMON 32/64 reduced to 13 rounds out of 32 rounds with the bias of $2^{-16}$.

In addition, we describe a connection between linear and differential characteristics for SIMON. This connection is then exploited by using the differential characteristics of the previous work of Abed \textit{et al.} to construct linear characteristics presented in this work. Our attacks extend to all variants of SIMON covering more number of rounds compared to the previous results on linear cryptanalysis. We have implemented our attacks for small scale variants of SIMON and our experiments confirm the theoretical bias of various characteristics presented in this work. %We also verified the results for SIMON32/64 experimentally to see whether implementation confirms theory. So far, our results are the best known with respect to linear cryptanalysis for any variant of SIMON.

Category / Keywords: secret-key cryptography / SIMON, Linear Characteristic, Linear Cryptanalysis

Original Publication (with major differences): These results together with other results are published in RFIDSec 2014.

Date: received 16 Oct 2013, last revised 16 Oct 2014

Contact author: na bagheri at gmail com

Available format(s): PDF | BibTeX Citation

Note: In this version we have fixed some typos and improved our results for SIMON96/144 and SIMON128/256.

[ Cryptology ePrint archive ]