Cryptanalysis of SIMON Variants with Connections

Javad Alizadeh, Hoda A. Alkhzaimi, Mohammad Reza Aref, Nasour Bagheri, Praveen Gauravaram, Abhishek Kumar, Martin Mehl Lauridsen, Somitra Kumar Sanadhya

Research output: Chapter in Book/Report/Conference proceeding; Article in proceedings; Research; peer-review

Abstract

SIMON is a family of 10 lightweight block ciphers published by Beaulieu et al. from the United States National Security Agency (NSA). A cipher in this family with K-bit key and N-bit block is called SIMONN/K. We present several linear characteristics for reduced-round SIMON32/64 that can be used for a key-recovery attack and extend them further to attack other variants of SIMON. Moreover, we provide results of key recovery analysis using several impossible differential characteristics starting from 14 out of 32 rounds for SIMON32/64 to 22 out of 72 rounds for SIMON128/256. In some cases the presented observations do not directly yield an attack, but provide a basis for further analysis for the specific SIMON variant. Finally, we exploit a connection between linear and differential characteristics for SIMON to construct linear characteristics for different variants of reduced-round SIMON. Our attacks extend to all variants of SIMON covering more rounds compared to any known results using linear cryptanalysis. We present a key recovery attack against SIMON128/256 which covers 35 out of 72 rounds with data complexity 2^123. We have implemented our attacks for small scale variants of SIMON and our experiments confirm the theoretical bias presented in this work.
Original language: English
Title of host publication: Proceedings of the 10th International Workshop on Radio Frequency Identification Security and Privacy Issues, RFIDSec 2014: Revised Selected Papers
Editors: Nitesh Saxena, Ahmad-Reza Sadeghi
Publisher: Springer
Publication date: 2014
Pages: 90-107
ISBN (Print): 978-3-319-13065-1
ISBN (Electronic): 978-3-319-13066-8
DOIs: https://doi.org/10.1007/978-3-319-13066-8_6
Publication status: Published - 2014
Event: 10th International Workshop on RFID Security and Privacy (RFIDSec 2014) - Oxford, United Kingdom
Duration: 21 Jul 2014 to 23 Jul 2014
Conference number: 10
http://www.rfid-sec.org/

Workshop

Workshop: 10th International Workshop on RFID Security and Privacy (RFIDSec 2014)
Number: 10
Country: United Kingdom
City: Oxford
Period: 21/07/2014 to 23/07/2014
Series: Lecture Notes in Computer Science
Number: 8651
ISSN: 0302-9743

Cite this

Alizadeh, J., Alkhzaimi, H. A., Aref, M. R., Bagheri, N., Gauravaram, P., Kumar, A., ... Sanadhya, S. K. (2014). Cryptanalysis of SIMON Variants with Connections. In N. Saxena, & A-R. Sadeghi (Eds.), Proceedings of the 10th International Workshop on Radio Frequency Identification Security and Privacy Issues, RFIDSec 2014: Revised Selected Papers (pp. 90-107). Springer. Lecture Notes in Computer Science, No. 8651 https://doi.org/10.1007/978-3-319-13066-8_6
Alizadeh, Javad ; Alkhzaimi, Hoda A. ; Aref, Mohammad Reza ; Bagheri, Nasour ; Gauravaram, Praveen ; Kumar, Abhishek ; Lauridsen, Martin Mehl ; Sanadhya, Somitra Kumar. / Cryptanalysis of SIMON Variants with Connections. Proceedings of the 10th International Workshop on Radio Frequency Identification Security and Privacy Issues, RFIDSec 2014: Revised Selected Papers. editor / Nitesh Saxena ; Ahmad-Reza Sadeghi. Springer, 2014. pp. 90-107 (Lecture Notes in Computer Science; No. 8651).
@inproceedings{5a413feb594c420b8d62fa45a61deb5d,
title = "Cryptanalysis of SIMON Variants with Connections",
abstract = "SIMON is a family of 10 lightweight block ciphers published by Beaulieu et al. from the United States National Security Agency (NSA). A cipher in this family with K-bit key and N-bit block is called SIMONN/K. We present several linear characteristics for reduced-round SIMON32/64 that can be used for a key-recovery attack and extend them further to attack other variants of SIMON. Moreover, we provide results of key recovery analysis using several impossible differential characteristics starting from 14 out of 32 rounds for SIMON32/64 to 22 out of 72 rounds for SIMON128/256. In some cases the presented observations do not directly yield an attack, but provide a basis for further analysis for the specific SIMON variant. Finally, we exploit a connection between linear and differential characteristics for SIMON to construct linear characteristics for different variants of reduced-round SIMON. Our attacks extend to all variants of SIMON covering more rounds compared to any known results using linear cryptanalysis. We present a key recovery attack against SIMON128/256 which covers 35 out of 72 rounds with data complexity $2^{123}$. We have implemented our attacks for small scale variants of SIMON and our experiments confirm the theoretical bias presented in this work.",
author = "Javad Alizadeh and Alkhzaimi, {Hoda A.} and Aref, {Mohammad Reza} and Nasour Bagheri and Praveen Gauravaram and Abhishek Kumar and Lauridsen, {Martin Mehl} and Sanadhya, {Somitra Kumar}",
year = "2014",
doi = "10.1007/978-3-319-13066-8_6",
language = "English",
isbn = "978-3-319-13065-1",
pages = "90--107",
editor = "Saxena, {Nitesh} and Ahmad-Reza Sadeghi",
booktitle = "Proceedings of the 10th International Workshop on Radio Frequency Identification Security and Privacy Issues, RFIDSec 2014",
publisher = "Springer",

}

Alizadeh, J, Alkhzaimi, HA, Aref, MR, Bagheri, N, Gauravaram, P, Kumar, A, Lauridsen, MM & Sanadhya, SK 2014, Cryptanalysis of SIMON Variants with Connections. in N Saxena & A-R Sadeghi (eds), Proceedings of the 10th International Workshop on Radio Frequency Identification Security and Privacy Issues, RFIDSec 2014: Revised Selected Papers. Springer, Lecture Notes in Computer Science, no. 8651, pp. 90-107, 10th International Workshop on RFID Security and Privacy (RFIDSec 2014), Oxford, United Kingdom, 21/07/2014. https://doi.org/10.1007/978-3-319-13066-8_6

TY - GEN

T1 - Cryptanalysis of SIMON Variants with Connections

AU - Alizadeh, Javad

AU - Alkhzaimi, Hoda A.

AU - Aref, Mohammad Reza

AU - Bagheri, Nasour

AU - Gauravaram, Praveen

AU - Kumar, Abhishek

AU - Lauridsen, Martin Mehl

AU - Sanadhya, Somitra Kumar

PY - 2014

Y1 - 2014

AB - SIMON is a family of 10 lightweight block ciphers published by Beaulieu et al. from the United States National Security Agency (NSA). A cipher in this family with K-bit key and N-bit block is called SIMONN/K. We present several linear characteristics for reduced-round SIMON32/64 that can be used for a key-recovery attack and extend them further to attack other variants of SIMON. Moreover, we provide results of key recovery analysis using several impossible differential characteristics starting from 14 out of 32 rounds for SIMON32/64 to 22 out of 72 rounds for SIMON128/256. In some cases the presented observations do not directly yield an attack, but provide a basis for further analysis for the specific SIMON variant. Finally, we exploit a connection between linear and differential characteristics for SIMON to construct linear characteristics for different variants of reduced-round SIMON. Our attacks extend to all variants of SIMON covering more rounds compared to any known results using linear cryptanalysis. We present a key recovery attack against SIMON128/256 which covers 35 out of 72 rounds with data complexity 2^123. We have implemented our attacks for small scale variants of SIMON and our experiments confirm the theoretical bias presented in this work.

U2 - 10.1007/978-3-319-13066-8_6

DO - 10.1007/978-3-319-13066-8_6

M3 - Article in proceedings

SN - 978-3-319-13065-1

SP - 90

EP - 107

BT - Proceedings of the 10th International Workshop on Radio Frequency Identification Security and Privacy Issues, RFIDSec 2014

A2 - Saxena, Nitesh

A2 - Sadeghi, Ahmad-Reza

PB - Springer

ER -

Alizadeh J, Alkhzaimi HA, Aref MR, Bagheri N, Gauravaram P, Kumar A et al. Cryptanalysis of SIMON Variants with Connections. In Saxena N, Sadeghi A-R, editors, Proceedings of the 10th International Workshop on Radio Frequency Identification Security and Privacy Issues, RFIDSec 2014: Revised Selected Papers. Springer. 2014. p. 90-107. (Lecture Notes in Computer Science; No. 8651). https://doi.org/10.1007/978-3-319-13066-8_6