Improved differential attack on 30-round SIMON64

Gaoli Wang; Nan Gan; Yue Li

doi:10.1007/s11859-016-1141-1

Improved differential attack on 30-round SIMON64

Gaoli Wang^*
, Nan Gan
, Yue Li

^*Corresponding author for this work

Donghua University

Research output: Contribution to journal › Article › peer-review

1 Scopus citations

Abstract

In this paper we present an attack on 30-round SIMON64, which improves the best results on SIMON64 by 1 round. We use a 23-round differential characteristic which was proposed by Itai et al in 2015 to construct a 30-round extended differential characteristized by adding 4 rounds on the top and 3 round on the bottom. Furthermore, we utilize all of the sufficient bit-conditions of the 30-round differential to compute a set of corresponding subkeys. Then we distribute the plaintext pairs over the 2⁸⁶ lists corresponding to the 86-bit subkeys. If a list contains two or more pairs, we regard the subkeys corresponding to the list as candidate subkeys. The time complexity of our attack on 30-round SIMON64/96 (SIMON64/128) is 2^86.2 (2^118.2) with a success probability of 0.61, while the data complexity and the memory complexity are 2^63.3 and 2⁹⁰ bytes, respectively.

Original language	English
Pages (from-to)	75-83
Number of pages	9
Journal	Wuhan University Journal of Natural Sciences
Volume	21
Issue number	1
DOIs	https://doi.org/10.1007/s11859-016-1141-1
State	Published - 1 Feb 2016
Externally published	Yes

Keywords

SIMON
bit condition
differential attack
lightweight block cipher

Access to Document

10.1007/s11859-016-1141-1

Cite this

@article{81b4ab260ad64226870fce729053ab00,

title = "Improved differential attack on 30-round SIMON64",

abstract = "In this paper we present an attack on 30-round SIMON64, which improves the best results on SIMON64 by 1 round. We use a 23-round differential characteristic which was proposed by Itai et al in 2015 to construct a 30-round extended differential characteristized by adding 4 rounds on the top and 3 round on the bottom. Furthermore, we utilize all of the sufficient bit-conditions of the 30-round differential to compute a set of corresponding subkeys. Then we distribute the plaintext pairs over the 286 lists corresponding to the 86-bit subkeys. If a list contains two or more pairs, we regard the subkeys corresponding to the list as candidate subkeys. The time complexity of our attack on 30-round SIMON64/96 (SIMON64/128) is 286.2 (2118.2) with a success probability of 0.61, while the data complexity and the memory complexity are 263.3 and 290 bytes, respectively.",

keywords = "SIMON, bit condition, differential attack, lightweight block cipher",

author = "Gaoli Wang and Nan Gan and Yue Li",

note = "Publisher Copyright: {\textcopyright} 2016, Wuhan University and Springer-Verlag Berlin Heidelberg.",

year = "2016",

month = feb,

day = "1",

doi = "10.1007/s11859-016-1141-1",

language = "英语",

volume = "21",

pages = "75--83",

journal = "Wuhan University Journal of Natural Sciences",

issn = "1007-1202",

publisher = "EDP Sciences",

number = "1",

}

TY - JOUR

T1 - Improved differential attack on 30-round SIMON64

AU - Wang, Gaoli

AU - Gan, Nan

AU - Li, Yue

PY - 2016/2/1

Y1 - 2016/2/1

N2 - In this paper we present an attack on 30-round SIMON64, which improves the best results on SIMON64 by 1 round. We use a 23-round differential characteristic which was proposed by Itai et al in 2015 to construct a 30-round extended differential characteristized by adding 4 rounds on the top and 3 round on the bottom. Furthermore, we utilize all of the sufficient bit-conditions of the 30-round differential to compute a set of corresponding subkeys. Then we distribute the plaintext pairs over the 286 lists corresponding to the 86-bit subkeys. If a list contains two or more pairs, we regard the subkeys corresponding to the list as candidate subkeys. The time complexity of our attack on 30-round SIMON64/96 (SIMON64/128) is 286.2 (2118.2) with a success probability of 0.61, while the data complexity and the memory complexity are 263.3 and 290 bytes, respectively.

AB - In this paper we present an attack on 30-round SIMON64, which improves the best results on SIMON64 by 1 round. We use a 23-round differential characteristic which was proposed by Itai et al in 2015 to construct a 30-round extended differential characteristized by adding 4 rounds on the top and 3 round on the bottom. Furthermore, we utilize all of the sufficient bit-conditions of the 30-round differential to compute a set of corresponding subkeys. Then we distribute the plaintext pairs over the 286 lists corresponding to the 86-bit subkeys. If a list contains two or more pairs, we regard the subkeys corresponding to the list as candidate subkeys. The time complexity of our attack on 30-round SIMON64/96 (SIMON64/128) is 286.2 (2118.2) with a success probability of 0.61, while the data complexity and the memory complexity are 263.3 and 290 bytes, respectively.

KW - SIMON

KW - bit condition

KW - differential attack

KW - lightweight block cipher

UR - https://www.scopus.com/pages/publications/84953871344

U2 - 10.1007/s11859-016-1141-1

DO - 10.1007/s11859-016-1141-1

M3 - 文章

AN - SCOPUS:84953871344

SN - 1007-1202

VL - 21

SP - 75

EP - 83

JO - Wuhan University Journal of Natural Sciences

JF - Wuhan University Journal of Natural Sciences

IS - 1

ER -

Improved differential attack on 30-round SIMON64

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this