Improved differential attack on 30-round SIMON64

Gaoli Wang; Nan Gan; Yue Li

doi:10.1007/s11859-016-1141-1

Improved differential attack on 30-round SIMON64

Gaoli Wang^*
, Nan Gan
, Yue Li

^*此作品的通讯作者

Donghua University

科研成果: 期刊稿件 › 文章 › 同行评审

1 引用（Scopus）

摘要

In this paper we present an attack on 30-round SIMON64, which improves the best results on SIMON64 by 1 round. We use a 23-round differential characteristic which was proposed by Itai et al in 2015 to construct a 30-round extended differential characteristized by adding 4 rounds on the top and 3 round on the bottom. Furthermore, we utilize all of the sufficient bit-conditions of the 30-round differential to compute a set of corresponding subkeys. Then we distribute the plaintext pairs over the 2⁸⁶ lists corresponding to the 86-bit subkeys. If a list contains two or more pairs, we regard the subkeys corresponding to the list as candidate subkeys. The time complexity of our attack on 30-round SIMON64/96 (SIMON64/128) is 2^86.2 (2^118.2) with a success probability of 0.61, while the data complexity and the memory complexity are 2^63.3 and 2⁹⁰ bytes, respectively.

源语言	英语
页（从-至）	75-83
页数	9
期刊	Wuhan University Journal of Natural Sciences
卷	21
期	1
DOI	https://doi.org/10.1007/s11859-016-1141-1
出版状态	已出版 - 1 2月 2016
已对外发布	是

访问文件

10.1007/s11859-016-1141-1

其它文件与链接

链接到 Scopus 的出版物

引用此

@article{81b4ab260ad64226870fce729053ab00,

title = "Improved differential attack on 30-round SIMON64",

abstract = "In this paper we present an attack on 30-round SIMON64, which improves the best results on SIMON64 by 1 round. We use a 23-round differential characteristic which was proposed by Itai et al in 2015 to construct a 30-round extended differential characteristized by adding 4 rounds on the top and 3 round on the bottom. Furthermore, we utilize all of the sufficient bit-conditions of the 30-round differential to compute a set of corresponding subkeys. Then we distribute the plaintext pairs over the 286 lists corresponding to the 86-bit subkeys. If a list contains two or more pairs, we regard the subkeys corresponding to the list as candidate subkeys. The time complexity of our attack on 30-round SIMON64/96 (SIMON64/128) is 286.2 (2118.2) with a success probability of 0.61, while the data complexity and the memory complexity are 263.3 and 290 bytes, respectively.",

keywords = "SIMON, bit condition, differential attack, lightweight block cipher",

author = "Gaoli Wang and Nan Gan and Yue Li",

note = "Publisher Copyright: {\textcopyright} 2016, Wuhan University and Springer-Verlag Berlin Heidelberg.",

year = "2016",

month = feb,

day = "1",

doi = "10.1007/s11859-016-1141-1",

language = "英语",

volume = "21",

pages = "75--83",

journal = "Wuhan University Journal of Natural Sciences",

issn = "1007-1202",

publisher = "EDP Sciences",

number = "1",

}

TY - JOUR

T1 - Improved differential attack on 30-round SIMON64

AU - Wang, Gaoli

AU - Gan, Nan

AU - Li, Yue

PY - 2016/2/1

Y1 - 2016/2/1

N2 - In this paper we present an attack on 30-round SIMON64, which improves the best results on SIMON64 by 1 round. We use a 23-round differential characteristic which was proposed by Itai et al in 2015 to construct a 30-round extended differential characteristized by adding 4 rounds on the top and 3 round on the bottom. Furthermore, we utilize all of the sufficient bit-conditions of the 30-round differential to compute a set of corresponding subkeys. Then we distribute the plaintext pairs over the 286 lists corresponding to the 86-bit subkeys. If a list contains two or more pairs, we regard the subkeys corresponding to the list as candidate subkeys. The time complexity of our attack on 30-round SIMON64/96 (SIMON64/128) is 286.2 (2118.2) with a success probability of 0.61, while the data complexity and the memory complexity are 263.3 and 290 bytes, respectively.

AB - In this paper we present an attack on 30-round SIMON64, which improves the best results on SIMON64 by 1 round. We use a 23-round differential characteristic which was proposed by Itai et al in 2015 to construct a 30-round extended differential characteristized by adding 4 rounds on the top and 3 round on the bottom. Furthermore, we utilize all of the sufficient bit-conditions of the 30-round differential to compute a set of corresponding subkeys. Then we distribute the plaintext pairs over the 286 lists corresponding to the 86-bit subkeys. If a list contains two or more pairs, we regard the subkeys corresponding to the list as candidate subkeys. The time complexity of our attack on 30-round SIMON64/96 (SIMON64/128) is 286.2 (2118.2) with a success probability of 0.61, while the data complexity and the memory complexity are 263.3 and 290 bytes, respectively.

KW - SIMON

KW - bit condition

KW - differential attack

KW - lightweight block cipher

UR - https://www.scopus.com/pages/publications/84953871344

U2 - 10.1007/s11859-016-1141-1

DO - 10.1007/s11859-016-1141-1

M3 - 文章

AN - SCOPUS:84953871344

SN - 1007-1202

VL - 21

SP - 75

EP - 83

JO - Wuhan University Journal of Natural Sciences

JF - Wuhan University Journal of Natural Sciences

IS - 1

ER -

Improved differential attack on 30-round SIMON64

摘要

访问文件

其它文件与链接

指纹

引用此