Fault Analysis on SIMON Family of Lightweight Block Ciphers

Abstract

This paper proposes applying differential fault analysis (DFA) to the Simon family of lightweight block ciphers. We perform DFA by examining the characteristics of the AND operation which is a non-linear function of Simon. Then, we evaluate in detail the number of fault injections required to obtain a secret key. To the best of our knowledge, we are the first to show how to extract the entire secret key for all parameters in the Simon family using a practical fault model based on random faults. As an example, for Simon with a \(128\)-bit block size and a \(128\)-bit secret key, we can extract the entire secret key using \(7.82\) fault injections on average. The results of simulations performed on a PC show that the average number of fault injections required to retrieve a round key agrees with that based on theoretical results. We believe that this study gives new insight into the field of fault analysis because Simon has a property specific to non-linear functions in that it uses the AND operation while not using a substitution box which most block ciphers employ.