Dual Relationship Between Impossible Differentials and Zero Correlation Linear Hulls of SIMON-Like Ciphers

摘要

As far as we know, for impossible differentials and zero correlation linear hulls of SIMON-like ciphers (denoted as SIMON in our paper), the distinguishers previously constructed by the miss-in-the-middle technique are all based on bit-level contradictions. Under this condition, our results on the two kinds of distinguishers are presented as follows: Firstly, by introducing both the diffusion matrix and the dual cipher of SIMON, we establish some links between impossible differentials and zero correlation linear hulls for SIMON and its dual cipher. For SIMON, we prove that there is a one-to-one correspondence between impossible differentials and zero correlation linear hulls. Meanwhile, for SIMON and its dual cipher, we show that there is also a one-to-one correspondence between impossible differentials of one cipher and zero correlation linear hulls of the dual one. Secondly, we show that impossible differentials and zero correlation linear hulls of SIMON can be constructed by a matrix calculation approach. Finally, when applying our method to SIMON with some specific parameters, we show that SIMON with parameter (1,0,2) recommended at CRYPTO 2015 is worse than the original SIMON with respect to security against impossible differential and zero correlation linear cryptanalysis.