On the Design Rationale of SIMON Block Cipher: Integral Attacks and Impossible Differential Attacks against SIMON Variants
Summary :
SIMON is a lightweight block cipher designed by NSA in 2013. NSA presented the specification and the implementation efficiency, but they did not provide detailed security analysis nor the design rationale. The original SIMON has rotation constants of (1,8,2), and Kölbl et al. regarded the constants as a parameter (a,b,c), and analyzed the security of SIMON block cipher variants against differential and linear attacks for all the choices of (a,b,c). This paper complements the result of Kölbl et al. by considering integral and impossible differential attacks. First, we search the number of rounds of integral distinguishers by using a supercomputer. Our search algorithm follows the previous approach by Wang et al., however, we introduce a new choice of the set of plaintexts satisfying the integral property. We show that the new choice indeed extends the number of rounds for several parameters. We also search the number of rounds of impossible differential characteristics based on the miss-in-the-middle approach. Finally, we make a comparison of all parameters from our results and the observations by Kölbl et al. Interesting observations are obtained, for instance we find that the optimal parameters with respect to the resistance against differential attacks are not stronger than the original parameter with respect to integral and impossible differential attacks. Furthermore, we consider the security against differential attacks by considering differentials. From the result, we obtain a parameter that is potential to be better than the original parameter with respect to security against these four attacks.
- Publication
- IEICE TRANSACTIONS on Fundamentals Vol.E101-A No.1 pp.88-98
- Publication Date
- 2018/01/01
- Publicized
- Online ISSN
- 1745-1337
- DOI
- 10.1587/transfun.E101.A.88
- Type of Manuscript
- Special Section PAPER (Special Section on Cryptography and Information Security)
- Category
Authors
Kota KONDO
Nagoya University
Yu SASAKI
NTT Corporation
Yosuke TODO
NTT Corporation
Tetsu IWATA
Nagoya University
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Kota KONDO, Yu SASAKI, Yosuke TODO, Tetsu IWATA, "On the Design Rationale of SIMON Block Cipher: Integral Attacks and Impossible Differential Attacks against SIMON Variants" in IEICE TRANSACTIONS on Fundamentals,
vol. E101-A, no. 1, pp. 88-98, January 2018, doi: 10.1587/transfun.E101.A.88.
Abstract: SIMON is a lightweight block cipher designed by NSA in 2013. NSA presented the specification and the implementation efficiency, but they did not provide detailed security analysis nor the design rationale. The original SIMON has rotation constants of (1,8,2), and Kölbl et al. regarded the constants as a parameter (a,b,c), and analyzed the security of SIMON block cipher variants against differential and linear attacks for all the choices of (a,b,c). This paper complements the result of Kölbl et al. by considering integral and impossible differential attacks. First, we search the number of rounds of integral distinguishers by using a supercomputer. Our search algorithm follows the previous approach by Wang et al., however, we introduce a new choice of the set of plaintexts satisfying the integral property. We show that the new choice indeed extends the number of rounds for several parameters. We also search the number of rounds of impossible differential characteristics based on the miss-in-the-middle approach. Finally, we make a comparison of all parameters from our results and the observations by Kölbl et al. Interesting observations are obtained, for instance we find that the optimal parameters with respect to the resistance against differential attacks are not stronger than the original parameter with respect to integral and impossible differential attacks. Furthermore, we consider the security against differential attacks by considering differentials. From the result, we obtain a parameter that is potential to be better than the original parameter with respect to security against these four attacks.
URL: https://globals.ieice.org/en_transactions/fundamentals/10.1587/transfun.E101.A.88/_p
Copy
@ARTICLE{e101-a_1_88,
author={Kota KONDO, Yu SASAKI, Yosuke TODO, Tetsu IWATA, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={On the Design Rationale of SIMON Block Cipher: Integral Attacks and Impossible Differential Attacks against SIMON Variants},
year={2018},
volume={E101-A},
number={1},
pages={88-98},
abstract={SIMON is a lightweight block cipher designed by NSA in 2013. NSA presented the specification and the implementation efficiency, but they did not provide detailed security analysis nor the design rationale. The original SIMON has rotation constants of (1,8,2), and Kölbl et al. regarded the constants as a parameter (a,b,c), and analyzed the security of SIMON block cipher variants against differential and linear attacks for all the choices of (a,b,c). This paper complements the result of Kölbl et al. by considering integral and impossible differential attacks. First, we search the number of rounds of integral distinguishers by using a supercomputer. Our search algorithm follows the previous approach by Wang et al., however, we introduce a new choice of the set of plaintexts satisfying the integral property. We show that the new choice indeed extends the number of rounds for several parameters. We also search the number of rounds of impossible differential characteristics based on the miss-in-the-middle approach. Finally, we make a comparison of all parameters from our results and the observations by Kölbl et al. Interesting observations are obtained, for instance we find that the optimal parameters with respect to the resistance against differential attacks are not stronger than the original parameter with respect to integral and impossible differential attacks. Furthermore, we consider the security against differential attacks by considering differentials. From the result, we obtain a parameter that is potential to be better than the original parameter with respect to security against these four attacks.},
keywords={},
doi={10.1587/transfun.E101.A.88},
ISSN={1745-1337},
month={January},}
Copy
TY - JOUR
TI - On the Design Rationale of SIMON Block Cipher: Integral Attacks and Impossible Differential Attacks against SIMON Variants
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 88
EP - 98
AU - Kota KONDO
AU - Yu SASAKI
AU - Yosuke TODO
AU - Tetsu IWATA
PY - 2018
DO - 10.1587/transfun.E101.A.88
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E101-A
IS - 1
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - January 2018
AB - SIMON is a lightweight block cipher designed by NSA in 2013. NSA presented the specification and the implementation efficiency, but they did not provide detailed security analysis nor the design rationale. The original SIMON has rotation constants of (1,8,2), and Kölbl et al. regarded the constants as a parameter (a,b,c), and analyzed the security of SIMON block cipher variants against differential and linear attacks for all the choices of (a,b,c). This paper complements the result of Kölbl et al. by considering integral and impossible differential attacks. First, we search the number of rounds of integral distinguishers by using a supercomputer. Our search algorithm follows the previous approach by Wang et al., however, we introduce a new choice of the set of plaintexts satisfying the integral property. We show that the new choice indeed extends the number of rounds for several parameters. We also search the number of rounds of impossible differential characteristics based on the miss-in-the-middle approach. Finally, we make a comparison of all parameters from our results and the observations by Kölbl et al. Interesting observations are obtained, for instance we find that the optimal parameters with respect to the resistance against differential attacks are not stronger than the original parameter with respect to integral and impossible differential attacks. Furthermore, we consider the security against differential attacks by considering differentials. From the result, we obtain a parameter that is potential to be better than the original parameter with respect to security against these four attacks.
ER -
FlyerIEICE has prepared a flyer regarding multilingual services. Please use the one in your native language.
English
