Cryptology ePrint Archive: Report 2014/761

Cryptanalysis of Reduced-round SIMON32 and SIMON48

Qingju Wang and Zhiqiang Liu and Kerem Varici and Yu Sasaki and Vincent Rijmen and Yosuke Todo

Abstract: SIMON family is one of the recent lightweight block cipher designs introduced by NSA. So far there have been several cryptanalytic results on this cipher by means of differential, linear and impossible differential cryptanalysis. In this paper, we study the security of SIMON32, SIMON48/72 and SIMON48/96 by using integral, zero-correlation linear and impossible differential cryptanalysis. Firstly, we present a novel experimental approach to construct the best known integral distinguishers of SIMON32. The small block size, 32 bits, of SIMON32 enables us to experimentally find a 15-round integral distinguisher, based on which we present a key recovery attack on 21-round SIMON32, while previous best results published in FSE 2014 only achieved 19 rounds. Actually, our approach provides a very efficient way to elaborate good integral distinguishers of block ciphers with small block size. Moreover, by applying the divide-and-conquer technique delicately, we attack 20-round SIMON32, 20-round SIMON48/72 and 21-round SIMON48/96 based on 11 and 12-round zero-correlation linear hulls of SIMON32 and SIMON48 respectively. The results for SIMON32 and SIMON48/96 are better than the known results published in FSE 2014. Finally, we propose impossible differential attacks on 18-round SIMON32, 18-round SIMON48/72 and 19-round SIMON48/96, which significantly improve the previous impossible differential attacks. Our analysis together with the previous results show that SIMON maintains enough security margin even if various approaches of cryptanalysis are considered.

Category / Keywords: secret-key cryptography / SIMON, block cipher, cryptanalysis, integral, zero-correlation, impossible differential

Original Publication (with major differences): INDOCRYPT 2014

Date: received 29 Sep 2014

Contact author: qingju wang at esat kuleuven be

Available format(s): PDF | BibTeX Citation

Version: 20140930:123006 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]