A Novel Differential Fault Analysis on the Key Schedule of SIMON Family

Jinbao Zhang,Jianhua Li,Muhammad Yahya,Ning Wu,Fang Zhou

doi:10.3390/electronics8010093

Jinbao Zhang, Jianhua Li + Show 3 more

Open Access

https://doi.org/10.3390/electronics8010093

Copy DOI

Abstract

As a family of lightweight block ciphers, SIMON has attracted lots of research attention since its publication in 2013. Recent works show that SIMON is vulnerable to differential fault analysis (DFA) and existing DFAs on SIMON assume the location of induced faults are on the cipher states. In this paper, a novel DFA on SIMON is proposed where the key schedule is selected as the location of induced faults. Firstly, we assume a random one-bit fault is induced in the fourth round key KT−4 to the last. Then, by utilizing the key schedule propagation properties of SIMON, we determine the exact position of induced fault and demonstrate that the proposed DFA can retrieve 4 bits of the last round key KT−1 on average using one-bit fault. Till now this is the largest number of bits that can be cracked as compared to DFAs based on random bit fault model. Furthermore, by reusing the induced fault, we prove that 2 bits of the penultimate round key KT−2 could be retrieved. To the best of our knowledge, the proposed attack is the first one which extracts a key from SIMON based upon DFA on the key schedule. Finally, correctness and validity of our proposed attack is verified through detailed simulation and analysis.

Highlights

In 2013, a family of lightweight block ciphers called SIMON was presented by the NationalSecurity Agency (NSA), based upon the Feistel structure
This paper proposes a novel differential fault analysis (DFA) on SIMON family
For retrieving the entire keys of the SIMON family, we make some comparisons with existing DFAs on SIMON family, as described in Tables 9 and 10

Summary

Introduction

In 2013, a family of lightweight block ciphers called SIMON was presented by the NationalSecurity Agency (NSA), based upon the Feistel structure. In 2013, a family of lightweight block ciphers called SIMON was presented by the National. SIMON can provide a better performance for both hardware and software. The block size of SIMON is denoted as 2n (the n represents the word size) with n = 16, 24, 32, 48, or 64. Since the publication of SIMON, many cryptanalysis papers about it have been presented, such as integral attack [2,3], differential attack [4,5,6], and linear attack [6,7]. Other attacks, such as differential fault analysis (DFA), have been proposed to retrieve the secret keys from SIMON [8]

Objectives

Results

Conclusion