In this paper we present an attack on 30-round SIMON64, which improves the best results on SIMON 64 by 1 round. We use a 23-round differential characteristic which was proposed by Itai et al in 2015 to construct a 30-round extended differential characteristized by adding 4 rounds on the top and 3 round on the bottom. Furthermore, we utilize all of the sufficient bit-conditions of the 30-round differential to compute a set of corresponding subkeys. Then we distribute the plaintext pairs over the 2^(86) lists corresponding to the 86-bit subkeys. If a list contains two or more pairs, we regard the subkeys corresponding to the list as candidate subkeys. The time complexity of our attack on 30-round SIMON64/96(SIMON64/128) is 2^(86.2)(2^(118.2)) with a success probability of 0.61, while the data complexity and the memory complexity are 2^(63.3) and 2^(90) bytes, respectively.
展开▼
