Cryptology ePrint Archive: Report 2015/285

Improved Linear Trails for the Block Cipher Simon

Tomer Ashur

Abstract: Simon is a family of block ciphers designed by the NSA and published in 2013. Due to their simple structure and the fact that the specification lacked security design rationale, the ciphers have been the subject of much cryptanalytic work, especially using differential and linear cryptanalysis.

We improve previously published linear trail bias estimations by presenting a novel method to calculate the bias of short linear hulls in Simon and use them to construct longer linear approximations. By using these linear approximations we present key recovery attacks of up to 25 rounds for Simon64/128, 24 rounds for Simon32/64, Simon48/96, and Simon64/96, and 23 rounds for Simon48/72. The attacks on Simon32 and Simon48 are currently the best attacks on these versions. The attacks on Simon64 do not cover as many rounds as attacks using differential cryptanalysis but they work in the more natural setting of known plaintexts rather than chosen plaintexts.

Category / Keywords: secret-key cryptography / Linear cryptanalysis, Linear hulls, Linear super-trail, Simon

Date: received 25 Mar 2015

Contact author: tashur at esat kuleuven be

Available format(s): PDF | BibTeX Citation

Version: 20150326:095114 (All versions of this report)

Short URL: ia.cr/2015/285

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]