Paper 2014/448

Differential Attacks on Reduced SIMON Versions with Dynamic Key-guessing Techniques

Ning Wang, Xiaoyun Wang, Keting Jia, and Jingyuan Zhao


SIMON is a family of lightweight block ciphers which are designed by the U.S National Security Agency in 2013. It has totally 10 versions corresponding to different block size $2n$ and key length $l_k$, named as SIMON$2n/l_k$. In this paper, we present a new differential attack by considering the sufficient bit conditions of the previous differential paths. Based on the bit conditions, we successfully propose a new type of dynamic key-guessing technique which greatly reduces the key space guessed. Our attacks work on the reduced SIMON of all 10 suggested versions, which improve the best previous results by 2 to 4 rounds. For verification, we implemented a practical attack on 19-round SIMON32 in a PC, and the experimental data confirm the correctness of the attack, which also fit the theoretical complexity and success rate very well. It is remarked that, our cryptanalysis only provides a more accurate security evaluation, and it does not mean the security problem of the whole SIMON family

Available format(s)
Publication info
Preprint. MINOR revision.
SIMONlightweight block cipherbit conditiondifferential attackdynamic key-guessing
Contact author(s)
wangning2012 @ mail sdu edu cn
2015-05-27: last of 3 revisions
2014-06-14: received
See all versions
Short URL
Creative Commons Attribution


      author = {Ning Wang and Xiaoyun Wang and Keting Jia and Jingyuan Zhao},
      title = {Differential Attacks on Reduced {SIMON} Versions with Dynamic Key-guessing Techniques},
      howpublished = {Cryptology ePrint Archive, Paper 2014/448},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.