Paper 2015/666

Improved Linear Hull Attack on Round-Reduced Simon with Dynamic Key-guessing Techniques

Huaifeng Chen and Xiaoyun Wang

Abstract

Simon is a lightweight block cipher family proposed by the NSA in 2013. It has drawn the attention of many cryptanalysts, and a variety of cryptanalysis results have been published, including differential, linear, impossible differential and integral cryptanalysis. In this paper, we give improved linear attacks on all reduced versions of Simon using the dynamic key-guessing technique, which was recently proposed to improve the differential attack on Simon. By establishing the Boolean function of the parity bit in the linear hull distinguisher and reducing that function according to the properties of the AND operation, we can guess different subkeys (or equivalent subkeys) in different situations, which decreases the number of key bits involved in the attack and further decreases the time complexity. As a result, 23-round Simon32/64, 24-round Simon48/72, 25-round Simon48/96, 30-round Simon64/96, 31-round Simon64/128, 37-round Simon96/96, 38-round Simon96/144, 49-round Simon128/128, 51-round Simon128/192 and 53-round Simon128/256 can be attacked. As far as we know, our attacks on most reduced versions of Simon are the best compared with the previous cryptanalysis results. However, this does not shake the security of the full-round Simon family.

Note: Add the implementation of the 21-round attack on Simon32

Metadata

Available format(s): PDF
Publication info: Preprint. MINOR revision.
Contact author(s): hfchen @ mail sdu edu cn
History:
2016-02-18: last of 2 revisions
2015-07-05: received
Short URL: https://ia.cr/2015/666
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2015/666,
      author = {Huaifeng Chen and Xiaoyun Wang},
      title = {Improved Linear Hull Attack on Round-Reduced \textsc{Simon} with Dynamic Key-guessing Techniques},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/666},
      year = {2015},
      url = {https://eprint.iacr.org/2015/666}
}