Cryptology ePrint Archive: Report 2016/020

Truncated Differential Based Known-Key Attacks on Round-Reduced Simon

Yonglin Hao and Willi Meier

Abstract: At Crypto 2015, Blondeau, Peyrin and Wang proposed a truncated-differential-based known-key attack on full PRESENT, a nibble oriented lightweight blockcipher with a SPN structure. The truncated difference they used is derived from the existing multidimensional linear characteristics. An innovative technique of their work is the design of a MITM layer added before the characteristic that covers extra rounds with a complexity lower than that of a generic construction.

We notice that there are good linear hulls for bit-oriented block cipher Simon corresponding to highly qualified truncated differential characteristics. Based on these characteristics, we propose known-key distinguishers on round-reduced Simon block cipher family, which is bit oriented and has a Feistel structure. Similar to the MITM layer, we design a specific start-from-the-middle method for pre-adding extra rounds with complexities lower than generic bounds. With these techniques, we launch basic known-key attacks on round-reduced Simon. We also involve some key guessing technique and further extend the basic attacks to more rounds.

Our known-key attacks can reach as many as 29/32/38/48/63-rounds of Simon32/48/64/96/128, which comes quite close to the full number of rounds. To the best of our knowledge, these are the first known-key results on the block cipher Simon.

Category / Keywords: secret-key cryptography / Truncated Differential, Known-Key Attack, Simon

Date: received 8 Jan 2016, last revised 1 Feb 2016

Contact author: haoyl12 at mails tsinghua edu cn

Available format(s): PDF | BibTeX Citation

Version: 20160202:060600 (All versions of this report)

Short URL: ia.cr/2016/020

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]