Rotational-XOR Rectangle Cryptanalysis on Round-Reduced Simon

Abstract EN

Recently, Ashur and Liu introduced the Rotational-XOR-difference approach which is a modification of rotational cryptanalysis, for an ARX cipher Speck (Ashur and Liu, 2016).

In this paper, we apply the Rotational-XOR-difference (RXD) approach to a non-ARX cipher Simon and evaluate its security.

First, we studied how to calculate the probability of an RXD for bitwise AND operation that the round function of Simon is based on unlike Speck is on modular addition.

Next, we prove that two RXD trails can be connected such that it becomes possible to construct a boomerang/rectangle distinguisher similar to the case using differential characteristics.

Finally, we construct related-key rectangle distinguishers for round-reduced versions of Simon with block lengths of 32, 48, and 64, and we suggest a five- or six-round key recovery attack.

To our knowledge, it is the first attempt to apply the notion of rotational cryptanalysis for a non-ARX cipher.

Although our attack does not show the best results for Simon thus far, the attempt here to define and apply a new cryptanalytic characteristic is meaningful, and we expect further improvements and applications to other ciphers to be made in subsequent studies.