Analyzing Key Schedule of Simon: Iterative Key Differences and Application to Related-Key Impossible Differentials

  • Conference paper
Advances in Information and Computer Security (IWSEC 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10418)

Abstract

The current paper analyzes the key schedule function of the lightweight block cipher Simon, which was designed by the NSA in 2013. In particular, a list of all iterative key differences is provided for all members of the Simon family and for all numbers of rounds. The iterative differences are found by exploiting the fact that Simon uses only linear operations in its key schedule function. Using the discovered iterative key difference for Simon32, a 15-round related-key impossible differential is constructed, which extends the previous longest impossible differential for Simon32, 11 rounds in the single-key setting, by four rounds. The current paper thus gives a better understanding of the related-key security of Simon.
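The abstract's key observation is that the Simon key schedule is entirely linear (XOR and rotations), so a key difference propagates through it deterministically and the search for iterative differences becomes a linear-algebra question. The following Python code is an added example, not code from the paper or from the Simon designers: it propagates an XOR difference through the Simon32/64 key schedule and lists all R-round iterative key differences as the kernel of the matrix (M_R + I) over GF(2), where M_R is the R-step difference map. It assumes the Simon32/64 parameters (16-bit words, four key words) and the designers' key schedule recurrence; the kernel formulation is this example's own way of organising the search, not necessarily the paper's.

```python
# Added example (not code from the paper): XOR-difference propagation through
# the Simon32/64 key schedule, and a GF(2) kernel computation that lists every
# R-round iterative key difference.
# Assumption: the key schedule recurrence is the designers' Simon32/64
# specification (n = 16-bit words, m = 4 key words). The round constant c and
# the z-sequence bit are XORed into the real schedule, but they cancel in an
# XOR difference, so the difference map below omits them.

N = 16                 # word size of Simon32
M = 4                  # key words of Simon32/64
MASK = (1 << N) - 1
DIM = N * M            # 64-bit key-state difference


def ror(x, r):
    """Rotate an n-bit word right by r."""
    return ((x >> r) | (x << (N - r))) & MASK


def diff_step(state):
    """One key-schedule step applied to a key-state difference.
    Everything here is XOR and rotation, so differences propagate
    deterministically (probability 1); this linearity is what makes an
    exhaustive search for iterative differences feasible."""
    k0, k1, k2, k3 = state
    tmp = ror(k3, 3) ^ k1
    tmp ^= ror(tmp, 1)
    return (k1, k2, k3, k0 ^ tmp)


def propagate(state, rounds):
    for _ in range(rounds):
        state = diff_step(state)
    return state


def is_iterative(state, rounds):
    """True if the difference returns to itself after `rounds` steps."""
    return propagate(state, rounds) == state


# --- view the R-step difference map as a 64x64 matrix M_R over GF(2) ---

def state_to_int(state):
    v = 0
    for w in state:
        v = (v << N) | w
    return v


def int_to_state(v):
    return tuple((v >> (N * (M - 1 - i))) & MASK for i in range(M))


def kernel_basis(cols):
    """Basis of ker(A) for the GF(2) map whose j-th column is cols[j] (bit-ints).
    Column elimination: each column carries the combination of unit vectors
    that produced it; a column that reduces to zero yields a kernel vector."""
    pivots = {}        # leading bit -> (reduced column, combination)
    kernel = []
    for j, col in enumerate(cols):
        comb = 1 << j
        while col:
            lead = col.bit_length() - 1
            if lead not in pivots:
                pivots[lead] = (col, comb)
                break
            pcol, pcomb = pivots[lead]
            col ^= pcol
            comb ^= pcomb
        else:              # col reduced to zero: comb is in the kernel
            kernel.append(comb)
    return kernel


def iterative_difference_basis(rounds):
    """All R-round iterative key differences form ker(M_R + I); return a basis.
    Column j of (M_R + I) is the image of unit vector e_j after R steps, XOR e_j."""
    cols = []
    for j in range(DIM):
        e = 1 << j
        image = state_to_int(propagate(int_to_state(e), rounds))
        cols.append(image ^ e)
    return [int_to_state(v) for v in kernel_basis(cols)]


def all_iterative_differences(rounds, limit=2 ** 12):
    """Enumerate the whole kernel (the span of the basis) when it is small."""
    basis = [state_to_int(b) for b in iterative_difference_basis(rounds)]
    if 2 ** len(basis) > limit:
        raise ValueError("kernel too large to enumerate: dimension %d" % len(basis))
    span = {0}
    for b in basis:
        span |= {v ^ b for v in span}
    return {int_to_state(v) for v in span}


if __name__ == "__main__":
    for r in range(1, 9):
        basis = iterative_difference_basis(r)
        print("rounds=%d  kernel dimension=%d" % (r, len(basis)))
        for b in basis:
            assert is_iterative(b, r)
```

Two sanity checks follow directly from the recurrence: a difference with every key word all-ones is fixed by a single step (rotations of all-ones cancel in `tmp`), and an all-ones difference in a single key word returns to itself after four steps, since it is only copied along until it re-enters position k0. For larger R the kernel grows, and the same basis can be fed into an impossible-differential search as the related-key input; that step is outside this example.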


References

  1. Abdelraheem, M.A., Alizadeh, J., Alkhzaimi, H.A., Aref, M.R., Bagheri, N., Gauravaram, P.: Improved linear cryptanalysis of reduced-round SIMON-32 and SIMON-48. In: Biryukov, A., Goyal, V. (eds.) INDOCRYPT 2015. LNCS, vol. 9462, pp. 153–179. Springer, Cham (2015). doi:10.1007/978-3-319-26617-6_9
  2. Abed, F., List, E., Lucks, S., Wenzel, J.: Differential cryptanalysis of round-reduced Simon and Speck. In: Cid and Rechberger [12], pp. 525–545
  3. Ahmadian, Z., Rasoolzadeh, S., Salmasizadeh, M., Aref, M.R.: Automated dynamic cube attack on block ciphers: Cryptanalysis of SIMON and KATAN. Cryptology ePrint Archive, Report 2015/040 (2015)
  4. Alizadeh, J., Alkhzaimi, H.A., Aref, M.R., Bagheri, N., Gauravaram, P., Kumar, A., Lauridsen, M.M., Sanadhya, S.K.: Cryptanalysis of SIMON variants with connections. In: Saxena, N., Sadeghi, A.-R. (eds.) RFIDSec 2014. LNCS, vol. 8651, pp. 90–107. Springer, Cham (2014). doi:10.1007/978-3-319-13066-8_6
  5. Ashur, T.: Improved linear trails for the block cipher Simon. Cryptology ePrint Archive, Report 2015/285 (2015)
  6. Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK families of lightweight block ciphers. Cryptology ePrint Archive, Report 2013/404 (2013)
  7. Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials. J. Cryptology 18(4), 291–311 (2005)
  8. Biryukov, A., Roy, A., Velichkov, V.: Differential analysis of block ciphers SIMON and SPECK. In: Cid and Rechberger [12], pp. 546–570
  9. Boura, C., Naya-Plasencia, M., Suder, V.: Scrutinizing and improving impossible differential attacks: applications to CLEFIA, Camellia, LBlock and Simon. In: Sarkar and Iwata [18], pp. 179–199
  10. Chen, H., Wang, X.: Improved linear hull attack on round-reduced Simon with dynamic key-guessing techniques. Cryptology ePrint Archive, Report 2015/666 (2015)
  11. Chen, Z., Wang, N., Wang, X.: Impossible differential cryptanalysis of reduced round SIMON. Cryptology ePrint Archive, Report 2015/286 (2015)
  12. Cid, C., Rechberger, C. (eds.): FSE 2014. LNCS, vol. 8540. Springer, Heidelberg (2015)
  13. Hao, Y., Meier, W.: Truncated differential based known-key attacks on round-reduced Simon. Cryptology ePrint Archive, Report 2016/020 (2016)
  14. Knudsen, L.: DEAL - a 128-bit block cipher. In: NIST AES Proposal (1998)
  15. Liu, Z., Li, Y., Wang, M.: Optimal differential trails in SIMON-like ciphers. Cryptology ePrint Archive, Report 2017/178 (2017)
  16. Mourouzis, T., Song, G., Courtois, N., Christofii, M.: Advanced differential cryptanalysis of reduced-round SIMON64/128 using large-round statistical distinguishers. Cryptology ePrint Archive, Report 2015/481 (2015)
  17. Raddum, H.: Algebraic analysis of the Simon block cipher family. In: Lauter, K., Rodríguez-Henríquez, F. (eds.) LATINCRYPT 2015. LNCS, vol. 9230, pp. 157–169. Springer, Cham (2015). doi:10.1007/978-3-319-22174-8_9
  18. Sarkar, P., Iwata, T. (eds.): ASIACRYPT 2014. LNCS, vol. 8873. Springer, Heidelberg (2014)
  19. Sasaki, Y., Todo, Y.: New impossible differential search tool from design and cryptanalysis aspects. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 185–215. Springer, Cham (2017). doi:10.1007/978-3-319-56617-7_7
  20. Shi, D., Hu, L., Sun, S., Song, L., Qiao, K., Ma, X.: Improved linear (hull) cryptanalysis of round-reduced versions of SIMON. Cryptology ePrint Archive, Report 2014/973 (2014)
  21. Sun, S., Hu, L., Wang, M., Wang, P., Qiao, K., Ma, X., Shi, D., Song, L., Fu, K.: Constructing mixed-integer programming models whose feasible region is exactly the set of all valid differential characteristics of SIMON. Cryptology ePrint Archive, Report 2015/122 (2015)
  22. Sun, S., Hu, L., Wang, P., Qiao, K., Ma, X., Song, L.: Automatic security evaluation and (related-key) differential characteristic search: application to SIMON, PRESENT, LBlock, DES(L) and other bit-oriented block ciphers. In: Sarkar and Iwata [18], pp. 158–178
  23. Todo, Y., Morii, M.: Bit-based division property and application to Simon family. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 357–377. Springer, Heidelberg (2016). doi:10.1007/978-3-662-52993-5_18
  24. Wang, N., Wang, X., Jia, K., Zhao, J.: Differential attacks on reduced SIMON versions with dynamic key-guessing techniques. Cryptology ePrint Archive, Report 2014/448 (2014)
  25. Wang, Q., Liu, Z., Varici, K., Sasaki, Y., Rijmen, V., Todo, Y.: Cryptanalysis of reduced-round SIMON32 and SIMON48. In: Meier, W., Mukhopadhyay, D. (eds.) INDOCRYPT 2014. LNCS, vol. 8885, pp. 143–160. Springer, Cham (2014). doi:10.1007/978-3-319-13039-2_9
  26. Xiang, Z., Zhang, W., Bao, Z., Lin, D.: Applying MILP method to searching integral distinguishers based on division property for 6 lightweight block ciphers. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 648–678. Springer, Heidelberg (2016). doi:10.1007/978-3-662-53887-6_24
  27. Xiang, Z., Zhang, W., Lin, D.: On the division property of Simon48 and Simon64. In: Ogawa, K., Yoshioka, K. (eds.) IWSEC 2016. LNCS, vol. 9836, pp. 147–163. Springer, Cham (2016). doi:10.1007/978-3-319-44524-3_9


Acknowledgments

The work by Tetsu Iwata was supported in part by JSPS KAKENHI, Grant-in-Aid for Scientific Research (B), Grant Number 26280045, and was carried out while visiting Nanyang Technological University, Singapore.

Author information

Correspondence to Yu Sasaki.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Kondo, K., Sasaki, Y., Todo, Y., Iwata, T. (2017). Analyzing Key Schedule of Simon: Iterative Key Differences and Application to Related-Key Impossible Differentials. In: Obana, S., Chida, K. (eds) Advances in Information and Computer Security. IWSEC 2017. Lecture Notes in Computer Science(), vol 10418. Springer, Cham. https://doi.org/10.1007/978-3-319-64200-0_9

  • DOI: https://doi.org/10.1007/978-3-319-64200-0_9
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-64199-7
  • Online ISBN: 978-3-319-64200-0
  • eBook Packages: Computer Science (R0)
