Best Paper Award

On the Design Rationale of Simon Block Cipher: Integral Attacks and Impossible Differential Attacks against Simon Variants

Kota KONDO, Yu SASAKI, Yosuke TODO, Tetsu IWATA

[IEICE TRANS. FUNDAMENTALS, VOL.E101-A, NO.1 JANUARY 2018]

  This paper provides a detailed security analysis of SIMON, a lightweight block cipher designed by the NSA.
  Many IoT and sensor devices with limited computational resources and power capacity are now in use, so lightweight cryptography has been actively discussed. SIMON is a lightweight block cipher designed by the NSA in 2013. Since SIMON achieves overwhelming performance, it has attracted a lot of attention. Kölbl et al. regarded the three rotation constants (1, 8, 2) of SIMON as a parameter (a, b, c). They evaluated the security of SIMON variants against differential and linear cryptanalysis for all choices of (a, b, c).
  This paper evaluated the security of SIMON variants against integral and impossible differential attacks. The authors searched for the number of rounds of integral distinguishers using a supercomputer. The method of choosing 2^31 plaintexts by Wang et al. does not cover all cases, and thus may fail to find an optimal attack. This paper's analysis enlarges the search space so that wider classes of 2^31 plaintext sets are examined.
  As a result, this paper shows that (a, b, c) = (5, 12, 3) is a possible alternative parameter to the original parameter. The alternative parameter is important for the actual usage of SIMON, in preparation for future detailed attack analyses. Due to the major contributions described above, this paper deserves the IEICE Best Paper Award.
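
An added example, not code from the paper or from this citation: a SIMON-like round function with the rotation constants as a parameter (a, b, c), used to check a small zero-sum (integral) property over 2^16 chosen plaintexts. The 16-bit word size, the round keys and the names `f` and `zero_sum_rounds` are assumptions made for this sketch; the paper's search covers far larger 2^31 plaintext sets.

```python
# Added illustration (not from the paper): zero-sum integral property of
# reduced-round SIMON-like ciphers with 16-bit words and constants (a, b, c).
WORD = 16
MASK = (1 << WORD) - 1
# Constructed round keys; the property below holds for any key values.
ROUND_KEYS = [0x0100, 0x0908, 0x1110, 0x1918, 0x71C3, 0xB649]

def rotl(x, r):
    """Rotate a 16-bit word left by r bits."""
    r %= WORD
    return ((x << r) | (x >> (WORD - r))) & MASK

def f(x, params):
    """SIMON round function with rotation constants (a, b, c)."""
    a, b, c = params
    return (rotl(x, a) & rotl(x, b)) ^ rotl(x, c)

def zero_sum_rounds(params, round_keys=ROUND_KEYS, const_left=0x6565):
    """Encrypt the 2^16 plaintexts (const_left, y), y = 0..0xFFFF, and report
    for each round whether the XOR of all intermediate states is zero."""
    states = [(const_left, y) for y in range(1 << WORD)]
    balanced = []
    for k in round_keys:
        # One Feistel round: (L, R) -> (R ^ f(L) ^ k, L)
        states = [(r ^ f(l, params) ^ k, l) for l, r in states]
        sum_l = sum_r = 0
        for l, r in states:
            sum_l ^= l
            sum_r ^= r
        balanced.append(sum_l == 0 and sum_r == 0)
    return balanced

if __name__ == "__main__":
    for params in [(1, 8, 2), (5, 12, 3)]:
        # The left word after round r has algebraic degree at most 2^(r-1),
        # so the sum over 2^16 texts is guaranteed zero for r <= 4.
        print(params, zero_sum_rounds(params))
```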