
Match Box Meet-in-the-Middle Attacks on the SIMON Family of Block Ciphers

Conference paper in Lightweight Cryptography for Security and Privacy (LightSec 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8898)

Abstract

SIMON is a family of lightweight block ciphers designed by the U.S. National Security Agency in 2013. In this paper, we analyze the resistance of the SIMON family of block ciphers against the recent match box meet-in-the-middle attack, which was proposed at FSE 2014. Our attack particularly exploits the weaknesses of the linear key schedules of SIMON. Since the data available to the adversary is rather limited in many concrete applications, it is worthwhile to assess the security of SIMON against such low-data attacks.



Notes

  1. We have confirmed from the authors of [10] that the complexity is not \(2^{|l|^{|K'_1|}+|K'_1|+|\vec {r}|}\) as their paper describes, but \(2^{|l|\cdot 2^{|K'_1|}+|K'_1|+|\vec {r}|}\).

References

  1. Abed, F., List, E., Wenzel, J., Lucks, S.: Differential cryptanalysis of round-reduced SIMON and SPECK. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS. Springer (2014, to appear)

  2. Alizadeh, J., Alkhzaimi, H.A., Aref, M.R., Bagheri, N., Gauravaram, P., Kumar, A., Lauridsen, M.M., Sanadhya, S.K.: Cryptanalysis of SIMON variants with connections. In: Sadeghi, A.-R., Saxena, N. (eds.) RFIDSec 2014. LNCS, vol. 8651, pp. 90–107. Springer, Heidelberg (2014)

  3. Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK Families of Lightweight Block Ciphers. Cryptology ePrint Archive, Report 2013/404 (2013). http://eprint.iacr.org/

  4. Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991)

  5. Biryukov, A., Roy, A., Velichkov, V.: Differential analysis of block cipher SIMON and SPECK. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS. Springer (2014, to appear)

  6. Bogdanov, A.A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)

  7. Bogdanov, A., Rechberger, C.: A 3-subset meet-in-the-middle attack: cryptanalysis of the lightweight block cipher KTANTAN. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 229–240. Springer, Heidelberg (2011)

  8. Canteaut, A., Naya-Plasencia, M., Vayssière, B.: Sieve-in-the-middle: improved MITM attacks. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 222–240. Springer, Heidelberg (2013)

  9. De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN: a family of small and efficient hardware-oriented block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009)

  10. Fuhr, T., Minaud, B.: Match box meet-in-the-middle attack against KATAN. In: FSE 2014. Springer (2014, to appear)

  11. Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.: The LED block cipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 326–341. Springer, Heidelberg (2011)

  12. Borghoff, J., Canteaut, A., Güneysu, T., Kavun, E.B., Knezevic, M., Knudsen, L.R., Leander, G., Nikov, V., Paar, C., Rechberger, C., Rombouts, P., Thomsen, S.S., Yalçın, T.: PRINCE: a low-latency block cipher for pervasive computing applications. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 208–225. Springer, Heidelberg (2012)

  13. Khovratovich, D., Rechberger, C., Savelieva, A.: Bicliques for preimages: attacks on Skein-512 and the SHA-2 family. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 244–263. Springer, Heidelberg (2012)

  14. Knudsen, L., Leander, G., Poschmann, A., Robshaw, M.J.B.: PRINTcipher: a block cipher for IC-printing. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 16–32. Springer, Heidelberg (2010)

  15. Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)

  16. Shibutani, K., Isobe, T., Hiwatari, H., Mitsuda, A., Akishita, T., Shirai, T.: Piccolo: an ultra-lightweight blockcipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 342–357. Springer, Heidelberg (2011)

  17. Isobe, T., Shibutani, K.: All subkeys recovery attack on block ciphers: extending meet-in-the-middle approach. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 202–221. Springer, Heidelberg (2013)

  18. Wang, N., Wang, X., Jia, K., Zhao, J.: Improved Differential Attacks on Reduced SIMON Versions. Cryptology ePrint Archive. http://eprint.iacr.org/2014/448

  19. Wu, W., Zhang, L.: LBlock: a lightweight block cipher. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 327–344. Springer, Heidelberg (2011)

Acknowledgement

The authors would like to thank anonymous reviewers for their helpful comments and suggestions. The work of this paper was supported by the National Key Basic Research Program of China (2013CB834203), the National Natural Science Foundation of China (Grants 61070172), the Strategic Priority Research Program of Chinese Academy of Sciences under Grant XDA06010702, and the State Key Laboratory of Information Security, Chinese Academy of Sciences.

Author information

Corresponding author

Correspondence to Ling Song.

A Details for the Attack on SIMON32/64

  • \(K_1\) involves 61 round key bits (dimension 61) as follows:

    \(K_{0}^0, K_{1}^0, K_{2}^0, K_{3}^0, K_{4}^0, K_{5}^0, K_{6}^0, K_{7}^0, K_{8}^0, K_{9}^0, K_{10}^0, K_{11}^0, K_{12}^0, K_{13}^0, K_{14}^0, K_{15}^0,\)

    \(K_{0}^1, K_{1}^1, K_{2}^1, K_{3}^1, K_{4}^1, K_{5}^1, K_{6}^1, K_{7}^1, K_{8}^1, K_{9}^1, K_{10}^1, K_{11}^1, K_{12}^1, K_{13}^1, K_{14}^1, K_{15}^1,\)

    \(K_{0}^2, K_{2}^2, K_{3}^2, K_{4}^2, K_{5}^2, K_{6}^2, K_{7}^2, K_{9}^2, K_{10}^2, K_{11}^2, K_{12}^2, K_{13}^2, K_{14}^2,\)

    \(K_{4}^3, K_{5}^3, K_{6}^3, K_{8}^3, K_{11}^3, K_{12}^3, K_{13}^3, K_{14}^3, K_{15}^3,\)

    \(K_{0}^4, K_{6}^4, K_{7}^4, K_{13}^4, K_{14}^4,\)

    \(K_{8}^5, K_{15}^5.\)

  • The match box involves 29 round key bits generated by \(K_2\):

    \(rk^9_8, rk^9_{15}, rk^{10}_0, rk^{10}_6, rk^{10}_7, rk^{10}_{13}, rk^{10}_{14}, rk^{11}_4, rk^{11}_5, rk^{11}_6, rk^{11}_8, rk^{11}_{11}, rk^{11}_{12}, \)

    \(rk^{11}_{13}, rk^{11}_{14}, rk^{11}_{15}, rk^{12}_{0}, rk^{12}_5, rk^{12}_6, rk^{12}_7, rk^{12}_{11}, rk^{12}_{12}, rk^{12}_{13}, rk^{12}_{14}, rk^{13}_8, rk^{13}_{13}, \)

    \(rk^{13}_{15}, rk^{13}_{14}, rk^{14}_0. \)

  • \(K_2\) involves 67 round key bits (dimension 61) as follows:

    \(K_{2}^{12}, K_{3}^{12}, K_{4}^{12}, K_{6}^{12}, K_{7}^{12}, K_{10}^{12}, \)

    \(K_{0}^{13}, K_{1}^{13}, K_{2}^{13}, K_{3}^{13}, K_{4}^{13}, K_{5}^{13}, K_{6}^{13}, K_{7}^{13}, K_{8}^{13}, K_{9}^{13}, K_{10}^{13}, K_{11}^{13}, K_{12}^{13},\)

    \(K_{0}^{14}, K_{1}^{14}, K_{2}^{14}, K_{3}^{14}, K_{4}^{14}, K_{5}^{14}, K_{6}^{14}, K_{7}^{14}, K_{8}^{14}, K_{9}^{14}, K_{10}^{14}, K_{11}^{14}, K_{12}^{14}, K_{13}^{14},\)

    \(K_{14}^{14}, K_{15}^{14},\)

    \(K_{0}^{15}, K_{1}^{15}, K_{2}^{15}, K_{3}^{15}, K_{4}^{15}, K_{5}^{15}, K_{6}^{15}, K_{7}^{15}, K_{8}^{15}, K_{9}^{15}, K_{10}^{15}, K_{11}^{15}, K_{12}^{15}, K_{13}^{15}, \)

    \(K_{14}^{15}, K_{15}^{15},\)

    \(K_{0}^{16}, K_{1}^{16}, K_{2}^{16}, K_{3}^{16}, K_{4}^{16}, K_{5}^{16}, K_{6}^{16}, K_{7}^{16}, K_{8}^{16}, K_{9}^{16}, K_{10}^{16}, K_{11}^{16}, K_{12}^{16}, K_{13}^{16}, \)

    \(K_{14}^{16}, K_{15}^{16}.\)
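Added example (not code from the paper or from the SIMON designers): a Python implementation of the SIMON32/64 key schedule following the public specification, used to show the property the attack builds on, that every round-key bit is an affine function of the master key over GF(2), and to read off which master-key bits feed a given round-key bit. It assumes the paper's \(K_j^i\) denotes bit \(j\) of round key \(rk^i\) with \(k_0\) the low 16 bits of the 64-bit key; the specification's test vector checks the implementation.

```python
WORD, MASK, ROUNDS = 16, 0xFFFF, 32
# Constant sequence z_0 used by SIMON32/64 (from the SIMON specification).
Z0 = "11111010001001010110000111001101111101000100101011000011100110"

def ror(x, r):
    return ((x >> r) | (x << (WORD - r))) & MASK

def rol(x, r):
    return ((x << r) | (x >> (WORD - r))) & MASK

def key_schedule(key):
    """Expand a 64-bit master key into the 32 round keys rk^0..rk^31 (k0 = low word)."""
    k = [(key >> (WORD * i)) & MASK for i in range(4)]
    for i in range(4, ROUNDS):
        # Only XOR, rotation and constants: the whole map is affine over GF(2).
        tmp = ror(k[i - 1], 3) ^ k[i - 3]
        tmp ^= ror(tmp, 1)
        k.append((~k[i - 4] & MASK) ^ tmp ^ int(Z0[(i - 4) % 62]) ^ 3)
    return k

def encrypt(pt, key):
    """One SIMON32 encryption; used to check the schedule against the spec test vector."""
    x, y = pt >> WORD, pt & MASK
    for rk in key_schedule(key):
        x, y = y ^ (rol(x, 1) & rol(x, 8)) ^ rol(x, 2) ^ rk, x
    return (x << WORD) | y

def affine_form(r, j):
    """Express bit j of rk^r (assumed to be the paper's K_j^r) as
    const XOR (XOR of the listed master-key bit positions)."""
    const = (key_schedule(0)[r] >> j) & 1
    taps = [b for b in range(64) if ((key_schedule(1 << b)[r] >> j) & 1) != const]
    return const, taps

def round_key_bit(key, r, j):
    return (key_schedule(key)[r] >> j) & 1

def predicted_bit(key, r, j):
    """Evaluate the affine form on a concrete key; equals round_key_bit for every key."""
    const, taps = affine_form(r, j)
    return const ^ (sum((key >> b) & 1 for b in taps) & 1)

def is_affine(key_a, key_b):
    """rk(a) ^ rk(b) ^ rk(0) == rk(a ^ b): the defining property of an affine map."""
    ka, kb, k0, kab = (key_schedule(k) for k in (key_a, key_b, 0, key_a ^ key_b))
    return all(a ^ b ^ z == c for a, b, z, c in zip(ka, kb, k0, kab))
```

Because the form returned by affine_form is exact, an adversary who guesses a subset of master-key bits learns every round-key bit whose taps lie in that subset, which is what lets the attack split the round-key bits into the sets \(K_1\) and \(K_2\) listed above.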

Copyright information

© 2015 Springer International Publishing Switzerland

Cite this paper

Song, L., Hu, L., Ma, B., Shi, D. (2015). Match Box Meet-in-the-Middle Attacks on the SIMON Family of Block Ciphers. In: Eisenbarth, T., Öztürk, E. (eds) Lightweight Cryptography for Security and Privacy. LightSec 2014. Lecture Notes in Computer Science, vol 8898. Springer, Cham. https://doi.org/10.1007/978-3-319-16363-5_9

  • DOI: https://doi.org/10.1007/978-3-319-16363-5_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-16362-8

  • Online ISBN: 978-3-319-16363-5

  • eBook Packages: Computer Science (R0)
