Cryptology ePrint Archive: Report 2015/666

Improved Linear Hull Attack on Round-Reduced Simon with Dynamic Key-guessing Techniques

Huaifeng Chen and Xiaoyun Wang

Abstract: Simon is a lightweight block cipher family proposed by the NSA in 2013. It has drawn many cryptanalysts' attention, and a variety of cryptanalysis results have been published, including differential, linear, impossible differential and integral cryptanalysis. In this paper, we give improved linear attacks on all versions of Simon with dynamic key-guessing techniques, which were recently proposed to improve the differential attack on Simon. By establishing the Boolean function of the parity bit in the linear hull distinguisher and reducing the function according to the properties of the AND operation, we can guess different subkeys (or equivalent subkeys) for different situations, which decreases the number of key bits involved in the attack and, in a further step, decreases the time complexity. As a result, 23-round Simon32/64, 24-round Simon48/72, 25-round Simon48/96, 30-round Simon64/96, 31-round Simon64/128, 37-round Simon96/96, 38-round Simon96/144, 49-round Simon128/128, 51-round Simon128/192 and 53-round Simon128/256 can be attacked. The linear attacks on most versions of Simon are the best attacks among all cryptanalysis results on these variants known up to now. However, this does not shake the security of the full-round Simon family.

Date: received 2 Jul 2015, last revised 5 Jul 2015

Contact author: hfchen at mail sdu edu cn

Version: 20150706:012426

Short URL: ia.cr/2015/666
