Paper 2021/1198

Clustering Effect in Simon and Simeck

Gaëtan Leurent, French Institute for Research in Computer Science and Automation
Clara Pernot, French Institute for Research in Computer Science and Automation
André Schrottenloher, Centrum Wiskunde & Informatica
Abstract

Simon and Simeck are two lightweight block ciphers with a simple round function using only word rotations and a bit-wise AND operation. Previous work has shown a strong clustering effect for differential and linear cryptanalysis, due to the existence of many trails with the same inputs and outputs. In this paper, we explore this clustering effect by exhibiting a class of high probability differential and linear trails where the active bits stay in a fixed window of $w$ bits. Instead of enumerating a set of good trails contributing to a differential or a linear approximation, we compute the probability distribution over this space, including all trails in the class. This results in stronger distinguishers than previously proposed, and we describe key recovery attacks against Simon and Simeck improving the previous results by up to 7 rounds. In particular, we obtain an attack against 42-round Simeck64, leaving only two rounds of security margin, and an attack against 45-round Simon96/144, reducing the security margin from 16 rounds to 9 rounds.

Note: Recompiled to fix Figure 8.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A minor revision of an IACR publication in ASIACRYPT 2021
DOI
10.1007/978-3-030-92062-3_10
Keywords
Lightweight cipher Simon Simeck differential cryptanalysis linear cryptanalysis clustering effect
Contact author(s)
gaetan leurent @ inria fr
clara pernot @ inria fr
andre schrottenloher @ m4x org
History
2022-10-11: last of 2 revisions
2021-09-17: received
See all versions
Short URL
https://ia.cr/2021/1198
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2021/1198,
      author = {Gaëtan Leurent and Clara Pernot and André Schrottenloher},
      title = {Clustering Effect in Simon and Simeck},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/1198},
      year = {2021},
      doi = {10.1007/978-3-030-92062-3_10},
      url = {https://eprint.iacr.org/2021/1198}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.