Paper 2016/020

Truncated Differential Based Known-Key Attacks on Round-Reduced Simon

Yonglin Hao and Willi Meier


At Crypto 2015, Blondeau, Peyrin and Wang proposed a truncated-differential-based known-key attack on full PRESENT, a nibble oriented lightweight blockcipher with a SPN structure. The truncated difference they used is derived from the existing multidimensional linear characteristics. An innovative technique of their work is the design of a MITM layer added before the characteristic that covers extra rounds with a complexity lower than that of a generic construction. We notice that there are good linear hulls for bit-oriented block cipher Simon corresponding to highly qualified truncated differential characteristics. Based on these characteristics, we propose known-key distinguishers on round-reduced Simon block cipher family, which is bit oriented and has a Feistel structure. Similar to the MITM layer, we design a specific start-from-the-middle method for pre-adding extra rounds with complexities lower than generic bounds. With these techniques, we launch basic known-key attacks on round-reduced Simon. We also involve some key guessing technique and further extend the basic attacks to more rounds. Our known-key attacks can reach as many as 29/32/38/48/63-rounds of Simon32/48/64/96/128, which comes quite close to the full number of rounds. To the best of our knowledge, these are the first known-key results on the block cipher Simon.

Available format(s)
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Truncated DifferentialKnown-Key AttackSimon
Contact author(s)
haoyl12 @ mails tsinghua edu cn
2016-02-02: last of 3 revisions
2016-01-08: received
See all versions
Short URL
Creative Commons Attribution


      author = {Yonglin Hao and Willi Meier},
      title = {Truncated Differential Based Known-Key Attacks on Round-Reduced Simon},
      howpublished = {Cryptology ePrint Archive, Paper 2016/020},
      year = {2016},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.