In addition, we describe a connection between linear and differential characteristics for SIMON. This connection is then exploited by using the differential characteristics of the previous work of Abed \textit{et al.} to construct linear characteristics presented in this work. Our attacks extend to all variants of SIMON covering more number of rounds compared to the previous results on linear cryptanalysis. We have implemented our attacks for small scale variants of SIMON and our experiments confirm the theoretical bias of various characteristics presented in this work. %We also verified the results for SIMON32/64 experimentally to see whether implementation confirms theory. So far, our results are the best known with respect to linear cryptanalysis for any variant of SIMON.
Category / Keywords: secret-key cryptography / SIMON, Linear Characteristic, Linear Cryptanalysis Original Publication (with major differences): These results together with other results are published in RFIDSec 2014. Date: received 16 Oct 2013, last revised 16 Oct 2014 Contact author: na bagheri at gmail com Available format(s): PDF | BibTeX Citation Note: In this version we have fixed some typos and improved our results for SIMON96/144 and SIMON128/256. Version: 20141016:063117 (All versions of this report) Short URL: ia.cr/2013/663 Discussion forum: Show discussion | Start new discussion