Abstract
Recently, Ashur and Liu introduced the Rotational-XOR-difference approach which is a modification of rotational cryptanalysis, for an ARX cipher Speck (Ashur and Liu, 2016). In this paper, we apply the Rotational-XOR-difference (RXD) approach to a non-ARX cipher Simon and evaluate its security. First, we studied how to calculate the probability of an RXD for bitwise AND operation that the round function of Simon is based on unlike Speck is on modular addition. Next, we prove that two RXD trails can be connected such that it becomes possible to construct a boomerang/rectangle distinguisher similar to the case using differential characteristics. Finally, we construct related-key rectangle distinguishers for round-reduced versions of Simon with block lengths of 32, 48, and 64, and we suggest a five- or six-round key recovery attack. To our knowledge, it is the first attempt to apply the notion of rotational cryptanalysis for a non-ARX cipher. Although our attack does not show the best results for Simon thus far, the attempt here to define and apply a new cryptanalytic characteristic is meaningful, and we expect further improvements and applications to other ciphers to be made in subsequent studies.
Highlights
In a cryptosystem for confidentiality, the block cipher is a necessary building block for core functionality
We find that the propagation of the RX pair due to the operations used in Simon is similar to those of the ordinary differential characteristics and we show that the probability of boomerang/rectangle characteristics using RXD can be calculated to the boomerang/rectangle characteristic using the ordinary differential characteristics. erefore, we can construct boomerang/rectangle characteristics using two RXD trails
As an example of Simon-32/64, we found that there exist eight-round RXD trails which start at eighth and sixteenth rounds. erefore, we successfully combined them for the rectangle distinguisher with the maximum probability (2− 6 · 2− 6)2 · 2− 32 2− 56
Summary
In a cryptosystem for confidentiality, the block cipher is a necessary building block for core functionality. Another design strategy is to use the bitwise AND operation for nonlinear part of an algorithm This approach is somewhat less popular than ARX, outstanding hardware-oriented ciphers such as KATAN/KTANTAN [7], Simon [4], and Simeck [8] utilize this strategy. Security and Communication Networks differences (RXD) ((a1, a2), c), where x is a random variable and a1 and a2 are constants They presented a closed formula for calculating the RX probability occurred upon a modular addition. We attempt to apply Ashur’s constant injecting approach to a non-ARX cipher Simon which is based on the bitwise AND operation.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
