Citation Context

...192/256 11/13/14 [24] small complexity flaws corrected attacks work [38] (without FL/FL−1 layers) LBlock 22 [27] small complexity flaw corrected attack works [28] Simon (all versions) 14/15/15/16/16/ =-=[4]-=- data complexity higher attacks do not work Table 1 of [4] 19/19/22/22/22 than codebook Simon (all versions) 13/15/17/20/25/ [1, 2] big flaw in computation attacks do not work Appendix A.2 Table 1. Su...

Citation Context

...s not provide any security evaluation of the two ciphers and no analysis of their cryptographic strength is given. Recently several external cryptanalytic results on Simon and Speck became available: =-=[3,2,1]-=-. The first two in particular analyze the differential properties of the ciphers and describe key-recovery attacks on reduced round variants. Our Contribution. In this paper we further investigate the...

Citation Context

...deduce ∆X3[24], and keep the pairs when ∆X3[24] = 0. There are about 2 7−2 = 25 remaining pairs on average. 4. Guess some subkey bits the 17th round listed in the 4th column of Table 3 to compute ∆X17=-=[2, 8, 0, 9, 15]-=- one by one, and eliminate the pairs which are not content with the conditions. There are about 25−5 = 1 pairs left. 5. For the 16th round, compute ∆X18[3] and ∆X19[5]. There are 4 types of subkey whi...

Citation Context

...s of Kikl are determined from the 9 FF 1616 11-Round Linear CharacteristicsF F F i 2 LX - i 2 RX - ( )i 1K [0,1, 2,6,8,9,10,12,13]- ( )iK [2,10,14] ( )iLX [2,10,14] ( )iRX [0,8] ( ) ( ) i 12 R i 13 X =-=[2,3,6,10,12]-=- 6K [2,3, ,12],10 + + ( )i 12 4K + i 14 LX + i 14 RX + ( ) ( ) ( ) ( ) ( ) ( ) ( ) ( ) ( ) ( ) ( ) ( ) ( ) ( ) i i 1 i 2 4i i R L i 4 i 5 i 6 i 8 i 11 i 11 8 10 10 R L 4 i 9 i 10 i 11 8 4 K [0,8] K [2...

Citation Context

...ively. SIMECKN/K denotes a variant of SIMECK that has a block size of N bits and a key size of K bits. Although, several works investigated the security of SIMON and SPECK against differential attack =-=[2, 3, 6, 9, 22, 24]-=-, its variants such as impossible differential attack [2–4, 6, 10, 12, 14, 15, 21, 25] and linear attack [1, 4, 5, 7, 11, 20]. However, we are not aware of any third party security analysis of SIMECK....

Citation Context

.... The key expansion is slightly more complicated, but uses similar building blocks as the round function. SIMON and SPECK have been analysed for mathematical weaknesses using a variety of techniques (=-=[2]-=-, [7], [30], [31], [4] and [1]), but none have broken the full cipher so far. Note that some publications are limited to a set of specific parameter pairs. The best result for SIMON 32/64 at this time...

Citation Context

...2/64 Linear 11 - 223 - [23] Linear (Matsui's 1st Alg.) 13 232 232 - [21] Impossible Differential 13 250:1 230 220 [23] Linear (Matsui's 2nd Alg.) 16 254 232 - [21] Differential 16 226:48 229:48 216 =-=[25]-=- Dynamic Cube 16 251:5 219 210 Sec. 5.2 Dynamic Cube 18 251 232 232 Sec. 5.2 Differential* 18 246 231:2 215 [23] Multiple Linear 18 232 232 - [21] Impossible Differential 19 262:56 232 244 [22] Differ...

Citation Context

...esseswere found. Perhaps more importantly, the algorithms have been pretty heavily scrutinized by the international cryptographic community for the last two years (see, e.g., [2], [3], [5], [4], [1], =-=[6]-=-, [15], [16], [20], [27], [29], [37], [47], [51], [53], [56], [59], [62], [60], [30], [7], [25], [42], [24]). Table 1 summarizes the cryptanalytic results as of this writing that attack the most round...