### Citations

131 |
cryptanalysis method for des cipher
- Linear
- 1994
(Show Context)
Citation Context ...ription of SIMECK variants structure and key scheduling can be found in [26] but it has no affect on our analysis. 3 Linear Cryptanalysis of SIMECK using the Matsui’s Algorithm 1 Linear cryptanalysis =-=[17]-=- is a classical known-plaintext attack cryptanalytic technique that was employed on several block ciphers such as FEAL-4, DES, Serpent and SAFER [13, 16, 17, 23]. In this section, we present linear ch... |

84 |
Linear approximation of block ciphers
- Nyberg
- 1995
(Show Context)
Citation Context ...and 27 rounds. Hence, in the perspective of linear cryptanalysis, SIMON provides better security margin compared to SIMECK. On the other hand, from the point of number of rounds attacked, linear hull =-=[18]-=- shows to be a more promising approach to analyze the security of SIMON [1, 11, 20] compared to other attacks. Hence, as a future work, we aim to investigate the security of SIMECK variants against th... |

53 |
The SIMON and SPECK families of lightweight block ciphers. IACR Cryptology ePrint Archive
- Beaulieu, Shors, et al.
(Show Context)
Citation Context ...words: SIMECK, SIMON, SPECK, Linear Cryptanalysis. 1 Introduction SIMECK [26] is a new family of lightweight block ciphers designed by Yang et al. and inspired by SIMON and SPECK, designed by the NSA =-=[8]-=-. The round function of SIMECK is similar to the round function of SIMON while its key schedule is more similar to the key schedule of SPECK. The aim of SIMECK is to provide optimal hardware and softw... |

29 | On Probability of Success in Linear and Differential Cryptanalysis.
- Selçuk
- 2008
(Show Context)
Citation Context ... attack 18 rounds of SIMMECK32/64 using Algorithm 2 of Matsui to recover bits of subkeys. For the data complexity of 231 and the time complexity of 263.5 the attack success probability would be 0.477 =-=[19]-=-. Table 5: The keys (in black) that should be guessed to attack 18 rounds of SIMECK32/64. The red bits are not required to be guessed and the blue bits cost guessing a half bit on average. Here i ∼ j ... |

17 | Cryptanalysis of the SIMON family of block ciphers. IACR Cryptology ePrint Archive, Report 2013/543
- Alkhzaimi, Lauridsen
- 2013
(Show Context)
Citation Context ...ively. SIMECKN/K denotes a variant of SIMECK that has a block size of N bits and a key size of K bits. Although, several works investigated the security of SIMON and SPECK against differential attack =-=[2, 3, 6, 9, 22, 24]-=-, its variants such as impossible differential attack [2–4, 6, 10, 12, 14, 15, 21, 25] and linear attack [1, 4, 5, 7, 11, 20]. However, we are not aware of any third party security analysis of SIMECK.... |

12 |
Differential cryptanalysis of round-reduced SIMON and SPECK
- Abed, List, et al.
- 2014
(Show Context)
Citation Context ...ively. SIMECKN/K denotes a variant of SIMECK that has a block size of N bits and a key size of K bits. Although, several works investigated the security of SIMON and SPECK against differential attack =-=[2, 3, 6, 9, 22, 24]-=-, its variants such as impossible differential attack [2–4, 6, 10, 12, 14, 15, 21, 25] and linear attack [1, 4, 5, 7, 11, 20]. However, we are not aware of any third party security analysis of SIMECK.... |

12 | Scrutinizing and Improving Impossible Differential Attacks: Applications to CLEFIA, Camellia, LBlock and Simon
- Boura, Naya-Plasencia, et al.
- 2014
(Show Context)
Citation Context ...e have (X i L)9 = (X i−1 L )8⊕(Xi−1R )9⊕(Ki−1)9, we can add a round to the top of the current 3-round approximation and produce a 4-round linear expression, with the bias of 116 , as follows: (Xi−1L )=-=[8, 10]-=-⊕ (Xi−1R )9 ⊕ (Xi+3L )10 ⊕ (Xi+3R )9 = (Ki−1)9 ⊕ (Ki)10 ⊕ (Ki+2)10. (6) where (X)[i1, ..., im] = (X)i1 ⊕ . . . ⊕ (X)im . Similarly, since (Xi+3L )10 = (Xi+4R )10 and with the probability of 34 we have... |

10 | Linear cryptanalysis of reduced-round versions of the SAFER block cipher family
- Jr, Preneel, et al.
- 2001
(Show Context)
Citation Context ...sing the Matsui’s Algorithm 1 Linear cryptanalysis [17] is a classical known-plaintext attack cryptanalytic technique that was employed on several block ciphers such as FEAL-4, DES, Serpent and SAFER =-=[13, 16, 17, 23]-=-. In this section, we present linear characteristics for variants of SIMECK using the Matsui’s algorithm 1 [17]. 2 In the round function of SIMECK, similar to SIMON, the only non-linear operation is t... |

8 | Y P, “A new impossible differential cryptanalysis method with six-wheeled AES
- Chen, Zhang, et al.
(Show Context)
Citation Context ...3)[6, 10]⊕ (K4)9 ⊕ (K5)[6, 8, 10] ⊕(K6)7 ⊕ (K7)[8, 10]⊕ (K8)9 ⊕ (K9)10 ⊕(K11)10 ⊕ (K12)9 ⊕ (K13)[8, 10]⊕ (K14)7 ⊕(K15)[6, 8, 10]⊕ (K16)9 ⊕ (K17)[6, 10] ⊕(K18)5 ⊕ (K19)[4, 6, 10]⊕ (K20)[3, 9] , =-=(12)-=- ( (X1R)[4, 6, 10]⊕ (X1L)[3, 9] ⊕(X21L )[3, 9]⊕ (X21R )[2, 6, 8, 10] ) = (K1)[4, 6, 10]⊕ (K2)5 ⊕ (K3)[6, 10]⊕ (K4)9⊕ (K5)[6, 8, 10]⊕ (K6)7 ⊕ (K7)[8, 10]⊕ (K8)9 ⊕(K9)10 ⊕ (K11)10 ⊕ (K12)9 ⊕ (K13... |

7 |
A known plaintext attack of FEAL-4 and FEAL6
- Tardy-Corfdir, Gilbert
- 1992
(Show Context)
Citation Context ...sing the Matsui’s Algorithm 1 Linear cryptanalysis [17] is a classical known-plaintext attack cryptanalytic technique that was employed on several block ciphers such as FEAL-4, DES, Serpent and SAFER =-=[13, 16, 17, 23]-=-. In this section, we present linear characteristics for variants of SIMECK using the Matsui’s algorithm 1 [17]. 2 In the round function of SIMECK, similar to SIMON, the only non-linear operation is t... |

6 | A New Technique for Multidimensional Linear Cryptanalysis with Applications On Reduced Round Serpent
- Cho, Hermelin, et al.
- 2008
(Show Context)
Citation Context ...sing the Matsui’s Algorithm 1 Linear cryptanalysis [17] is a classical known-plaintext attack cryptanalytic technique that was employed on several block ciphers such as FEAL-4, DES, Serpent and SAFER =-=[13, 16, 17, 23]-=-. In this section, we present linear characteristics for variants of SIMECK using the Matsui’s algorithm 1 [17]. 2 In the round function of SIMECK, similar to SIMON, the only non-linear operation is t... |

5 |
S.K.: Cryptanalysis of SIMON variants with connections
- Alizadeh, AlKhzaimi, et al.
- 2014
(Show Context)
Citation Context ...s investigated the security of SIMON and SPECK against differential attack [2, 3, 6, 9, 22, 24], its variants such as impossible differential attack [2–4, 6, 10, 12, 14, 15, 21, 25] and linear attack =-=[1, 4, 5, 7, 11, 20]-=-. However, we are not aware of any third party security analysis of SIMECK. In this paper, we present linear cryptanalysis against reduced variants of SIMECK. Contributions. In this paper, we analyze ... |

5 | L.: Automatic security evaluation and (related-key) differential characteristic search : Application to SIMON, PRESENT-80/128, LBlock, DES(L) and other bit-oriented block ciphers
- Sun, Hu, et al.
(Show Context)
Citation Context ...ively. SIMECKN/K denotes a variant of SIMECK that has a block size of N bits and a key size of K bits. Although, several works investigated the security of SIMON and SPECK against differential attack =-=[2, 3, 6, 9, 22, 24]-=-, its variants such as impossible differential attack [2–4, 6, 10, 12, 14, 15, 21, 25] and linear attack [1, 4, 5, 7, 11, 20]. However, we are not aware of any third party security analysis of SIMECK.... |

4 | Linear Cryptanalysis of Round Reduced Simon. Cryptology ePrint Archive, Report 2013/663
- Alizadeh, Bagheri, et al.
- 2013
(Show Context)
Citation Context ...s investigated the security of SIMON and SPECK against differential attack [2, 3, 6, 9, 22, 24], its variants such as impossible differential attack [2–4, 6, 10, 12, 14, 15, 21, 25] and linear attack =-=[1, 4, 5, 7, 11, 20]-=-. However, we are not aware of any third party security analysis of SIMECK. In this paper, we present linear cryptanalysis against reduced variants of SIMECK. Contributions. In this paper, we analyze ... |

4 |
Differential Cryptanalysis of Reduced-Round Simon. IACR Cryptology ePrint Archive 2013
- Abed, List, et al.
- 2013
(Show Context)
Citation Context |

4 | Improved linear trails for the block cipher simon. Cryptology ePrint Archive
- Ashur
(Show Context)
Citation Context ...rent 4-round approximation and produce a 5-round linear expression, with the bias of 116 , as follows: (Xi−1L )[8, 10]⊕ (Xi−1R )9 ⊕ (Xi+4R )[8, 10]⊕ (Xi+4L )9 = (Ki−1)9 ⊕ (Ki)10 ⊕ (Ki+2)10 ⊕ (Ki+4)9. =-=(7)-=- Following this approach we can extend this linear approximation by adding extra rounds to top and bottom and drive a linear approximation for more rounds of SIMECK. In Table 2, Table 3 and Table 4 se... |

3 | Improved Linear Hull Attack on RoundReduced Simon with Dynamic Key-Guessing Techniques.
- Chen, Wang
- 2016
(Show Context)
Citation Context ...R )[4, 6, 10] ) = (K1)5 ⊕ (K2)[6, 10]⊕ (K3)9 ⊕ (K4)[6, 8, 10] ⊕(K5)7 ⊕ (K6)[8, 10]⊕ (K7)9 ⊕ (K8)10 ⊕(K10)10 ⊕ (K11)9 ⊕ (K12)[8, 10]⊕ (K13)7 ⊕(K14)[6, 8, 10]⊕ (K15)9 ⊕ (K16)[6, 10]⊕ (K17)5 , =-=(11)-=- Given these linear characteristics, we can add another round to their top and a round to their bottom to extend the attack up to 18 and 19 rounds respectively, free of extra approximation. Hence, usi... |

3 |
Improved Differential Cryptanalysis of Round-Reduced Speck
- Dinur
- 2014
(Show Context)
Citation Context ...4, 6, 10] ⊕(X16L )9 ⊕ (X16R )[6, 10] ) = (K1)5 ⊕ (K2)[6, 10]⊕ (K3)9 ⊕ (K4)[6, 8, 10] ⊕(K5)7 ⊕ (K6)[8, 10]⊕ (K7)9 ⊕ (K8)10 ⊕(K10)10 ⊕ (K11)9 ⊕ (K12)[8, 10]⊕ (K13)7 ⊕(K14)[6, 8, 10]⊕ (K15)9 , =-=(15)-=- Table 6: The keys (in black) that should be guessed to attack 23 rounds of SIMECK48/96. Notations are similar to the notations used in Table 5. AL AR active subkeys’ bits AGK. -3 23∼12,10∼0 23∼17,15,... |

3 | Towards finding the best characteristics of some bit-oriented block ciphers and automatic enumeration of (related-key) differential and linear characteristics with predefined properties. IACR Cryptology ePrint Archive - Sun, Hu, et al. - 2014 |

3 | Y.: Cryptanalysis of Reduced-Round SIMON32 and SIMON48 - Wang, Liu, et al. |

3 | The Simeck family of lightweight block ciphers
- Yang, Zhu, et al.
- 2015
(Show Context)
Citation Context ... respectively, compare them with known attacks on 18, 19 and 21 rounds SIMON32/64, SIMON48/96 and SIMON64/128 respectively. Keywords: SIMECK, SIMON, SPECK, Linear Cryptanalysis. 1 Introduction SIMECK =-=[26]-=- is a new family of lightweight block ciphers designed by Yang et al. and inspired by SIMON and SPECK, designed by the NSA [8]. The round function of SIMECK is similar to the round function of SIMON w... |

2 |
V.: Differential Analysis of Block Ciphers
- Biryukov, Roy, et al.
- 2014
(Show Context)
Citation Context ...ui’s Algorithm 1, with the data complexity of 260 and 264, the adversary can retrieve 1 bit of the key with the success probability of 0.997 and 0.841 respectively. ( (X2R)5 ⊕ (X2L)[4, 6, 10] ⊕(X20L )=-=[3, 9]-=-⊕ (X20R )[2, 6, 8, 10] ) = (K2)5 ⊕ (K3)[6, 10]⊕ (K4)9 ⊕ (K5)[6, 8, 10] ⊕(K6)7 ⊕ (K7)[8, 10]⊕ (K8)9 ⊕ (K9)10 ⊕(K11)10 ⊕ (K12)9 ⊕ (K13)[8, 10]⊕ (K14)7 ⊕(K15)[6, 8, 10]⊕ (K16)9 ⊕ (K17)[6, 10] ⊕(K1... |

2 |
Combined algebraic and truncated differential cryptanalysis on reduced-round simon
- Courtois, Mourouzis, et al.
- 2014
(Show Context)
Citation Context ...f rounds at the beginning and the end of the cipher and determine the correlation of the following linear relation to filter the wrong subkeys: (XiR)7 ⊕ (XiL)[6, 8, 10]⊕ (Xi+11L )9 ⊕ (Xi+11R )[6, 10] =-=(14)-=- With respect to Table 5, we can append a round to the beginning of the cipher to find a new 12-round linear characteristic. Since SIMECK injects the subkey at the end of its round function, then this... |