Selecting Rotation Constants on SIMON-Type Ciphers

Kai Zhang, Xuejia Lai, Jie Guan, Bin Hu
Copyright: © 2023 | Pages: 23
DOI: 10.4018/JDM.318452

Abstract

In 2013, the lightweight block cipher SIMON was proposed by the NSA. This paper investigates one of its design criteria, the choice of rotation constants, in terms of resistance against impossible differential cryptanalysis. On one hand, starting from all possible rotation constants, the paper sieves out the “bad parameters” step by step; for each step, the regular patterns of those “bad parameters” are deduced. Accordingly, basic rules for selecting rotation constants on SIMON-type ciphers so as to construct shorter longest impossible differentials are proposed. On the other hand, the authors categorize the optimal parameters proposed at CRYPTO 2015; according to these results, some “good parameters” in terms of differential cryptanalysis may be rather “bad parameters” when impossible differential cryptanalysis is considered. Finally, a concrete attack on 26-round SIMON(13,0,10) is proposed; this is a SIMON variant suggested at CRYPTO 2015 for resistance against differential and linear cryptanalysis. The result of this paper indicates that it is very important to choose appropriate rotation constants when designing a new block cipher.
Article Preview

1. Introduction

To keep pace with the rapid development of the Internet of Things (IoT), many lightweight block ciphers have been proposed in recent years to solve the problem of encryption on IoT devices with relatively weak computing capabilities. Among these lightweight block ciphers, SIMON and SPECK were proposed by the U.S. National Security Agency in 2013 (Beaulieu et al., 2013, 2015).

At CHES 2015, another lightweight block cipher, Simeck (Yang et al., 2015), was proposed by the cryptographic community at the University of Waterloo. The round functions of SIMON and Simeck differ only in their rotation constants.
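To make the "differ only in rotation constants" point concrete, the following is an added example (not code from the paper or from the SIMON/Simeck designers): one parametrized SIMON-type round function f(x) = (S^a(x) & S^b(x)) ^ S^c(x), instantiated with the SIMON constants (1,8,2), the Simeck constants (0,5,1) and the SIMON(13,0,10) variant attacked in the paper, plus an exhaustive check of how a single-bit input difference propagates through f, which is the kind of property impossible-differential analysis of the constants builds on. A 16-bit word size and caller-supplied round keys are assumptions (the key schedules, which do differ between the ciphers, are not modelled).

```python
from typing import Dict, List, Set, Tuple

# Rotation constants (a, b, c) of the round function; word size n = 16 is an
# assumption for illustration (SIMON32-style words).
PARAMS: Dict[str, Tuple[int, int, int]] = {
    "SIMON": (1, 8, 2), "Simeck": (0, 5, 1), "SIMON(13,0,10)": (13, 0, 10)}

def rotl(x: int, r: int, n: int) -> int:
    """Rotate the n-bit word x left by r positions (S^r)."""
    r %= n
    return ((x << r) | (x >> (n - r))) & ((1 << n) - 1)

def f(x: int, consts: Tuple[int, int, int], n: int) -> int:
    """SIMON-type round function: (S^a(x) & S^b(x)) ^ S^c(x)."""
    a, b, c = consts
    return (rotl(x, a, n) & rotl(x, b, n)) ^ rotl(x, c, n)

def encrypt(block, keys: List[int], consts, n: int):
    """Feistel rounds (L, R) -> (R ^ f(L) ^ k, L) with given round keys."""
    l, r = block
    for k in keys:
        l, r = r ^ f(l, consts, n) ^ k, l
    return l, r

def decrypt(block, keys: List[int], consts, n: int):
    l, r = block
    for k in reversed(keys):
        l, r = r, l ^ f(r, consts, n) ^ k
    return l, r

def single_bit_propagation(consts, i: int, n: int) -> Tuple[Set[int], Set[int]]:
    """Predicted output-difference bits of f for a one-bit input difference
    at position i: bit i+c is always active (linear S^c term); bits i+a and
    i+b are value-dependent (one AND input is active there). Needs a != b."""
    a, b, c = consts
    uncertain = {(i + a) % n, (i + b) % n}
    certain = {(i + c) % n} - uncertain
    return certain, uncertain

def verify_propagation(consts, i: int, n: int) -> bool:
    """Exhaustively confirm the prediction over all n-bit values x."""
    certain, uncertain = single_bit_propagation(consts, i, n)
    diffs = {f(x, consts, n) ^ f(x ^ (1 << i), consts, n) for x in range(1 << n)}
    allowed = certain | uncertain
    ok = all(((d >> j) & 1) == 1 for d in diffs for j in certain)
    ok &= all(((d >> j) & 1) == 0 for d in diffs for j in range(n) if j not in allowed)
    ok &= all({(d >> j) & 1 for d in diffs} == {0, 1} for j in uncertain)
    return ok
```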

In August 2018, NIST initiated a process to solicit, evaluate, and standardize lightweight cryptographic algorithms suitable for use in constrained environments. In this project, some proposals use a modified Simeck as a basic module, such as ACE, SPIX and SPOC, which suggests further potential applications for SIMON-type ciphers.

SIMON was suggested for inclusion in ISO/IEC 29192-2 in 2015. However, although a brief design rationale was appended by the designers (Beaulieu et al., 2017), it still failed to convince the experts, and the standardization process was aborted. The following is one of the comments giving the reason for cancellation:

Working Group feels that both algorithms included in the amendment are not properly motivated and their security properties are not sufficiently understood. An attempt was made by the designers to publish a design rationale (ePrint 2017/560) which was not enough to convince WG 2 experts. Requests to disclose additional information about the way the algorithms were designed were refused by the designers.

To sum up, the security level of SIMON-type ciphers is one of the hot topics in the cryptographic community. It is very meaningful to investigate the security level and explore the design criteria of SIMON-type ciphers.

2. Background

The security of SIMON-type ciphers has been investigated deeply in the past several years. In this section, the related results are categorized and discussed by type of attack. Note that most of the listed results take a SIMON-type cipher as the main target; there are also dozens more papers that use a SIMON-type cipher only as a small example, which are not included in this section for simplicity.

For differential and linear cryptanalysis, Matsui’s algorithm was used to launch a differential cryptanalysis on SIMON (Abed et al., 2015). To reduce the number of guessed subkey bits in the key recovery phase, a dynamic key-guessing technique was introduced into differential cryptanalysis, and better results on SIMON and Simeck were obtained (Qiao et al., 2017). To derive better differential trails, an efficient algorithm for searching for optimal differential trails on SIMON-type ciphers was proposed (Liu et al., 2017). Furthermore, a MILP model for searching differential trails of SIMON and Simeck in the related-key setting was introduced in (Wang et al., 2018). At ASIACRYPT, the clustering effect on SIMON and Simeck was investigated to derive better differentials and linear hulls (Leurent et al., 2021). At INDOCRYPT, linear cryptanalysis of SIMON (Abdelraheem et al., 2015) and Simeck (Bagheri, 2015) was proposed. The dynamic key-guessing technique was introduced into the linear hull attack on SIMON (Chen & Wang, 2016), and a similar linear attack was proposed on Simeck (Qin et al., 2016). The theoretical upper bound for SIMON-type ciphers against differential attacks without using computer-aided methods was investigated in (Beierle, 2016). The property of linear approximations of the bitwise AND operation with dependent input bits was explored, and better linear characteristics for SIMON were presented (Shi et al., 2017). The repeated use of the rotational independence judgment condition in (Liu et al., 2017) was eliminated, and better differentials for Simeck were derived (Huang et al., 2018). A method to discover optimal linear characteristics of SIMON and Simeck under the Markov assumption, based on Matsui’s branch-and-bound algorithm, was proposed in (Liu et al., 2022). Besides, the rapid development of artificial intelligence and machine learning has enhanced the efficiency of many different areas (Wang & Siau, 2019). In the area of differential cryptanalysis enhanced with artificial intelligence or machine learning, many methods use a SIMON-type cipher as a concrete example for illustration, such as (So, 2020; Tian & Hu, 2021; Yadav & Kumar, 2021).
