Abstract

SIMON, a family of lightweight block ciphers, has received much attention from the cryptology community because of its better hardware performance compared with other ciphers. Differential fault attack (DFA), a popular physical attack method, applies to SIMON. With the aim of improving the efficiency of attacks on the SIMON family, this work presents an efficient DFA against the SIMON key schedule under a random bit fault model. First, we analyze in detail how to identify the fault induction position. Then, on the basis of the position, we show in detail how to recover 4 bits, 7.5 bits, and 2 bits of $K_{T-1}$ (the $(T-1)$th round key), $K_{T-2}$ (the $(T-2)$th round key) and $K_{T-3}$ (the $(T-3)$th round key), respectively, by inducing a one-bit fault on average in $K_{T-5}$ (the $(T-5)$th round key). As a result, by inducing one round of faults, our attack can recover three rounds of keys. Compared with previously developed DFAs on SIMON under the random bit fault model, our attack requires the fewest fault inductions and the fewest fault locations to recover the full keys of the SIMON family. Moreover, when the number of key words $m$ is 2 or 3, our attack can reduce the number of required rounds of fault induction to one. Finally, simulation experiments and comparisons are carried out to demonstrate the correctness and effectiveness of our attack.
