Improved Automatic Search Algorithm for Differential and Linear Cryptanalysis on SIMECK and the Applications

摘要

In CHES'15, Yang et al. proposed a family of lightweight block cipher SIMECK which combines the good designs of SIMON and SPECK. In this paper, we analysis the properties of the round function of SIMECK, and eliminate the repeated use of rotational independence judgment condition in Liu's algorithm that proposed in FSE'17, constructing the partial difference distribution table with limited Hamming weight of input difference to improve the search results. We get new differentials of 14/21/27 rounds for SIMECK32/48/64 which can provide higher probability than previous results, and find a new 28 rounds differential for SIMECK64. We also get new 13/21/27 rounds linear hulls with higher square correlation for SIMECK32/48/64, and we find new 14/22/28 rounds linear hulls for SIMECK32/48/64, which are the best linear hulls of SIMECK as far as we know. With the application of the new distinguishers and combination with the dynamic key-guessing techniques, we mount key recovery attacks on SIMECK variants, which can reduce the computational complexity and/or data complexity.