Improved Linear Cryptanalysis of reduced-round SIMON-32 and SIMON-48.

In this paper we analyse two variants of SIMON family of light-weight block ciphers against linear cryptanalysis and present the best linear cryptanalytic results on these variants of reduced-round SIMON ... The presented linear approximations allow us to mount a 23-round key recovery attack on SIMON-32 and a 24-round Key recovery attack on SIMON-48/96 which are the current best results on SIMON-32 and SIMON ... Lauridsen, Arnab Roy and Tyge Tiessen for many useful discussions about linear and differential cryptanalysis of SIMON. ...

doi:10.1007/978-3-319-26617-6_9 fatcat:wnwcuux7ajb3rnv5xejmhgt4zq

We present attacks on 21-rounds of Simon 32/64, 21-rounds of Simon 48/96, 25-rounds of Simon 64/128, 35-rounds of Simon 96/144 and 43-rounds of Simon 128/256, often with direct recovery of the full master ... We also present other example linear cryptanalysis, experimentally verified on 8, 10 and 12 rounds for Simon 32/64. ... Then, Sun et al. [18] improved Zero-correlation linear cryptanalysis presented in [17] on SIMON 32/64, SIMON 48/72, SIMON 48/96 and the first to apply it on the larger variants of SIMON. ...

doi:10.3390/cryptography4010009 fatcat:ldk2auxgpnbwjim7pcx4yjm7cu

DOAJ

SIMON family, which are the best results for linear cryptanalysis of SIMON published so far. ... Moreover, by employing a recently published method for automatic enumeration of differential and linear characteristics by Sun et. al., we present an improved linear hull analysis of some versions of the ... With a method for automatic enumeration of the differential and linear characteristic, improved results on the linear (hull) cryptanalysis on SIMON were obtained. ...

doi:10.1007/s11432-015-0007-1 fatcat:dtssyzrw3zam7hw4pabitxwepq

Dynamic key-guessing techniques, which exploit the property of AND operation, could improve the differential and linear cryptanalytic results by reducing the number of guessed subkey bits and lead to good ... According to the features of integral cryptanalysis, we extend dynamic key-guessing techniques and get better integral cryptanalysis results than before. ... The authors declare that there are no conflicts of interest regarding the publication of this article. Acknowledgments This work is supported by China's 973 Program (no. 2013CB834205). ...

doi:10.1155/2018/5160237 fatcat:u4mmdhzkuzdwtoh32lqt5dbci4

DOAJ

In this paper, we give the improved linear attacks on all reduced versions of Simon with dynamic key-guessing technique, which was proposed to improve the differential attack on Simon recently. ... It has drawn many cryptanalysts' attention and varieties of cryptanalysis results have been published, including differential, linear, impossible differential, integral cryptanalysis and so on. ... This work was partially supported by the National Natural Science Foundation of China (Grant No. 61133013), also supported by National Key Basic Research Program of China (Grant No. 2013CB834205). ...

doi:10.1007/978-3-662-52993-5_22 fatcat:ycb6lijnejgztae6jldgmso3uu

From the aspects of linear and differential cryptanalysis, this mapping is equivalent to the core quadratic mapping of SIMON via rearrangement of coordinates and EA -equivalence. ... By the aid of the tools given in this paper, the process of the search for linear and differential characteristics of SIMON and SPECK families of block ciphers could be sped up, and the complexity of linear ... Conflicts of Interest: The author declares no conflict of interest. ...

doi:10.3390/cryptography3010001 fatcat:agx3d67n2vgq3iuufuzzu3mwia

DOAJ

Moreover, we attack 20-round SI-MON32, 20-round SIMON48/72 and 21-round SIMON48/96 based on 11 and 12-round zero-correlation linear hulls of SIMON32 and SIMON48 respectively. ... In this paper, we study the security of SIMON32, SIMON48/72 and SIMON48/96 by using integral, zero-correlation linear and impossible differential cryptanalysis. ... Our improvements upon the state-of-the-art cryptanalysis for SIMON are given in Table 1 . Organization. The remainder of this paper is organized as follows. ...

doi:10.1007/978-3-319-13039-2_9 fatcat:ucb4p4km7nccrpeo2da4hf55zm

Finally, we construct related-key rectangle distinguishers for round-reduced versions of Simon with block lengths of 32, 48, and 64, and we suggest a five- or six-round key recovery attack. ... First, we studied how to calculate the probability of an RXD for bitwise AND operation that the round function of Simon is based on unlike Speck is on modular addition. ... of Simon-32/64, 48/72, and 48/96. ...

doi:10.1155/2020/5968584 fatcat:fyxvwxqfajgbjhx4clfcdrbiei

DOAJ

Bearing this in mind, we analyze the security of CHAM against various attacks, including differential cryptanalysis and linear cryptanalysis. ... -Numbers of round keys are far fewer than the numbers of rounds, and round functions reuse them iteratively. This reduces the memory size necessary to store the round keys. ... It has 48 KBytes of flash and 10 KBytes of RAM. The ARM Cortex-M3 is a 32-bit processor core based on the ARMv7-M architecture, with 12 general-purpose registers. ...

doi:10.1007/978-3-319-78556-1_1 fatcat:fcilmpcigjd27bujxww2kicu24

Data complexity for 9-round SPECK, 12-round SIMON & 8-round GIFT64 is reduced from 2 31 to 2 21 , 2 34 to 2 22 and 2 28 to 2 22 respectively. ... There exists several generalisations of differential cryptanalysis and it is also used in combination with other cryptanalysis techniques to improve the attack complexity. ... This attack is generalised and combined with other cryptanalysis techniques to reduce the attack complexity. ...

dblp:journals/iacr/YadavK20 fatcat:ydpyz3tq7fdufarzsdgptoumji

Dynamic key-guessing techniques were proposed by Wang et al. to greatly reduce the key space guessed in differential cryptanalysis and work well on SIMON. ... s work and also a differential with lower Hamming weight we find using Mixed Integer Linear Programming method to attack 22-round Simeck32, 28-round Simeck48 and 35-round Simeck64. ... Acknowledgment Thanks to anonymous reviewers for their helpful comments and also organizers and audiences of ICISSP2016. The work of this paper was supported by the National ...

doi:10.1007/978-3-319-54433-5_5 fatcat:pvkqrjszozde7geekvc2jp3ami

The lack of equations leads to finding the solution much faster. The method was used to attack a lightweight block ciphers -SIMON and SPECK. ... The lack of equations leads to finding the solution much faster. The method was used to attack a lightweight block ciphers -SIMON and SPECK. ... SAT ATTACK ON SIMON AND SPECK TABLE I POSSIBLE I VARIANTS OF SIMON AND SPECK BLOCK CIPHER block key word # of SIMON # of SPECK size size size rounds rounds 32 64 16 32 22 48 72 24 ...

doi:10.36244/icj.2019.4.1 fatcat:pusrozi2andmtkwd727qtestwm

The traditional cryptanalysis is generally performed without the keyspace restriction, but only reduced-round variants of Simon and Speck are successfully attacked. ... We show the feasibility of the DL-based cryptanalysis by attacking on lightweight block ciphers such as simplified DES, Simon, and Speck. ... It is a known plaintext attack. e work in [4] showed that the efficiency of the linear cryptanalysis can be improved by use of chosen plaintexts. e authors in [5] proposed a zero-correlation linear ...

doi:10.1155/2020/3701067 fatcat:it4x43qyvrcebgeedsteaw2doq

DOAJ

right balance of cost, performance and security characteristics. ... This paper presents the performance comparison along with their reported cryptanalysis, mainly for lightweight block ciphers, and further shows new research directions to develop novel algorithms with ... [26] were reported on reduced-round versions of SIMON [98] . ...

arXiv:2006.13813v1 fatcat:tydoekhuvrhjtek64z77zw34ti

Open Access

At CRYPTO 2019, Gohr first introduces the differential cryptanalysis based deep learning on round-reduced SPECK32/64, and finally reduces the remaining security of 11-round SPECK32/64 to roughly 38 bits ... In this paper, we are committed to evaluating the safety of SIMON cipher under the neural differential cryptanalysis. ... The family consists of ciphers having a range of block size 2n and key size k: 32/64, 48/72, 48/96, 64/96, 64/128, 96/96, 96/144, 128/128, 128/192, and 128/256. ...

doi:10.3837/tiis.2021.02.012 fatcat:6ivrb3nmabau5cqv7b4moamy6q

Improved Linear Cryptanalysis of Reduced-Round SIMON-32 and SIMON-48 [chapter]

Preserved Fulltext

Linear Cryptanalysis of Reduced-Round Simon Using Super Rounds

Preserved Fulltext

Improved linear (hull) cryptanalysis of round-reduced versions of SIMON

Preserved Fulltext

Improved Integral Attacks on SIMON32 and SIMON48 with Dynamic Key-Guessing Techniques

Preserved Fulltext

Improved Linear Hull Attack on Round-Reduced Simon with Dynamic Key-Guessing Techniques [chapter]

Preserved Fulltext

Further Observations on SIMON and SPECK Block Cipher Families

Preserved Fulltext

Cryptanalysis of Reduced-Round SIMON32 and SIMON48 [chapter]

Preserved Fulltext

Rotational-XOR Rectangle Cryptanalysis on Round-Reduced Simon

Preserved Fulltext

CHAM: A Family of Lightweight Block Ciphers for Resource-Constrained Devices [chapter]

Preserved Fulltext

Differential-ML Distinguisher: Machine Learning based Generic Extension for Differential Cryptanalysis [article]

Preserved Fulltext

Differential Analysis on Simeck and SIMON with Dynamic Key-Guessing Techniques [chapter]

Preserved Fulltext

SAT Attacks on ARX Ciphers with Automated Equations Generation

Preserved Fulltext

Deep Learning-Based Cryptanalysis of Lightweight Block Ciphers

Preserved Fulltext

Lightweight Cryptography for IoT: A State-of-the-Art [article]

Preserved Fulltext

Deep Learning Assisted Differential Cryptanalysis for the Lightweight Cipher SIMON

Preserved Fulltext