Paper 2015/285

Improved Linear Trails for the Block Cipher Simon

Tomer Ashur

Abstract

Simon is a family of block ciphers designed by the NSA and published in 2013. Due to their simple structure and the fact that the specification lacked security design rationale, the ciphers have been the subject of much cryptanalytic work, especially using differential and linear cryptanalysis. We improve previously published linear trail bias estimations by presenting a novel method to calculate the bias of short linear hulls in Simon and use them to construct longer linear approximations. By using these linear approximations we present key recovery attacks of up to 25 rounds for Simon64/128, 24 rounds for Simon32/64, Simon48/96, and Simon64/96, and 23 rounds for Simon48/72. The attacks on Simon32 and Simon48 are currently the best attacks on these versions. The attacks on Simon64 do not cover as many rounds as attacks using differential cryptanalysis but they work in the more natural setting of known plaintexts rather than chosen plaintexts.
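The round function that the abstract's linear trails pass through is small enough to analyse exactly. The following Python block is an added example, not code from the paper or from the Simon designers: it implements the Simon32 round function (the non-linear map f(x) = (S^1 x & S^8 x) ^ S^2 x and one Feistel round, without the key schedule), computes the exact one-round correlation of any linear approximation of f by exhaustive enumeration and by a fast Walsh-Hadamard transform, and multiplies round correlations along a constructed 3-round trail in the piling-up manner. The masks and round keys used are illustrative choices, not values from the paper; the paper's own hull estimation method is not reproduced here.

```python
# Added example, not code from the paper: the Simon32 round function (no key
# schedule) and exact one-round linear correlations of it, obtained by
# exhaustive enumeration over the 16-bit word. A linear trail's correlation is
# the product of its per-round correlations (piling-up lemma, correlation form);
# a linear hull's correlation is the sum of that product over every trail that
# shares the outer masks. Mask values below are constructed for illustration.

N = 16                      # word size of Simon32
MASK = (1 << N) - 1


def rotl(x, r):
    """Rotate an N-bit word left by r (the S^r operator of the specification)."""
    return ((x << r) | (x >> (N - r))) & MASK


def simon_f(x):
    """Non-linear part of the Simon round function: (S^1 x & S^8 x) ^ S^2 x."""
    return (rotl(x, 1) & rotl(x, 8)) ^ rotl(x, 2)


def simon_round(left, right, k):
    """One Feistel round: (L, R) -> (R ^ f(L) ^ k, L)."""
    return right ^ simon_f(left) ^ k, left


def parity(v):
    return bin(v).count("1") & 1


def correlation_f(alpha, beta):
    """Exact correlation of the approximation alpha.x = beta.f(x) over all 2^N x.
    Correlation c = 2*Pr[holds] - 1; the bias is c/2."""
    size = 1 << N
    agree = sum(1 for x in range(size)
                if parity(alpha & x) == parity(beta & simon_f(x)))
    return (2 * agree - size) / size


def walsh_spectrum(beta):
    """Correlation of alpha.x = beta.f(x) for every alpha at once, via a fast
    Walsh-Hadamard transform of the sign function (-1)^(beta.f(x))."""
    size = 1 << N
    t = [1 - 2 * parity(beta & simon_f(x)) for x in range(size)]
    h = 1
    while h < size:
        for i in range(0, size, 2 * h):
            for j in range(i, i + h):
                a, b = t[j], t[j + h]
                t[j], t[j + h] = a + b, a - b
        h *= 2
    return [v / size for v in t]


def round_correlation(alpha, beta, k):
    """Exact one-round correlation of (aL.L ^ aR.R) = (bL.L' ^ bR.R').
    Since L' = R ^ f(L) ^ k and R' = L, the R terms only cancel when aR == bL;
    what remains is (aL ^ bR).L = bL.f(L), and the round key only flips the sign."""
    aL, aR = alpha
    bL, bR = beta
    if aR != bL:
        return 0.0
    sign = -1.0 if parity(bL & k) else 1.0
    return sign * correlation_f(aL ^ bR, bL)


def trail_correlation(masks, round_keys):
    """Piling-up: the trail's correlation is the product of its round correlations."""
    c = 1.0
    for i in range(len(masks) - 1):
        c *= round_correlation(masks[i], masks[i + 1], round_keys[i])
        if c == 0.0:
            break
    return c


# A constructed 3-round trail: one active bit on the right word walks through
# the AND gate twice (correlation 1/2 each time) and once for free.
EXAMPLE_TRAIL = [(1 << 14, 1), (1, 0), (0, 1), (1, 1 << 14)]

if __name__ == "__main__":
    # Bit 0 of f(x) is x14 ^ (x15 & x8): approximating it by x14 alone holds
    # with probability 3/4, i.e. correlation +1/2 (bias 1/4).
    print("c(x14 -> f0) =", correlation_f(1 << 14, 1))
    spec = walsh_spectrum(1)
    print("input masks correlated with f0:",
          [(hex(a), c) for a, c in enumerate(spec) if c != 0.0])
    print("3-round trail correlation:", trail_correlation(EXAMPLE_TRAIL, [0, 0, 0]))
    print("same trail, key bit flips sign:", trail_correlation(EXAMPLE_TRAIL, [1, 0, 0]))
```

The Walsh spectrum for output mask 1 has exactly four non-zero entries (bit 14 of the input, optionally combined with bits 15 and 8), which is the whole reason single-bit trails in Simon are cheap to enumerate: each AND gate costs a factor 1/2 in correlation and offers only a handful of compatible input masks. The sign flip from the round key is what makes the trails of a hull add or cancel depending on the key, which is the effect the paper's hull estimation has to account for.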

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Linear cryptanalysis, Linear hulls, Linear super-trail, Simon
Contact author(s)
tashur @ esat kuleuven be
History
2015-03-26: received
Short URL
https://ia.cr/2015/285
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/285,
      author = {Tomer Ashur},
      title = {Improved Linear Trails for the Block Cipher Simon},
      howpublished = {Cryptology ePrint Archive, Paper 2015/285},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/285}},
      url = {https://eprint.iacr.org/2015/285}
}