Cryptanalysis On Some Lightweight Block Ciphers

Posted on: 2017-04-17  Degree: Master  Type: Thesis
Country: China  Candidate: N Gan  Full Text: PDF
GTID: 2308330503953785  Subject: Software engineering
Abstract/Summary:
With the development of science and technology, mobile phones, laptops and tablet computers are becoming increasingly common. As these products bring convenience to people, more and more security risks emerge. Cryptography is very important for protecting people's secrets. Unfortunately, a block cipher like AES, which is used on large equipment, is not suited to lightweight equipment such as mobile phones and ID cards. As a result, more and more lightweight block ciphers are appearing. At the same time, the analysis of lightweight block ciphers is becoming more and more popular. In this paper, we mainly study the security of the lightweight block ciphers SIMON and mCrypton.

Firstly, we introduce the meet-in-the-middle attack on mCrypton. In this paper we give a meet-in-the-middle (MITM) attack on 8-round mCrypton-96, which improves the best MITM attack result on mCrypton-96 by 1 round. When analyzing the security of block ciphers, using key relations to reduce the time complexity, memory complexity and data complexity is a common method. From the properties of the key schedule of mCrypton-96, we know that each round key can be used to calculate some information about the internal register through the algebraic structure of the key schedule, and that some round keys can be deduced from the other round keys. By using the relationships in the key schedule and the properties of the S-box, we present a MITM attack on 8-round mCrypton-96 based on the 4-round distinguisher, adding 1 round on the top and 3 rounds at the bottom. The time, memory and data complexities of the attack are 2^93.5 encryptions, 2^47 B and 2^57 chosen plaintexts respectively.

Secondly, we introduce the differential attack on SIMON. In this paper we present an attack on 30-round SIMON64, which improves the best results on SIMON64 by 1 round. We use a 23-round differential characteristic, proposed by Itai et al. in 2015, to construct a 30-round extended differential characteristic by adding 4 rounds on the top and 3 rounds at the bottom. Furthermore, we utilize all of the sufficient bit-conditions of the 30-round differential to compute a set of corresponding subkeys. Then we distribute the plaintext pairs over the 2^86 lists corresponding to the 86-bit subkeys. If a list contains two or more pairs, we regard the subkeys corresponding to that list as candidate subkeys. The time complexity of our attack on 30-round SIMON64/96 (SIMON64/128) is 2^86.2 (2^118.2) with a success probability of 0.61, while the data complexity and the memory complexity are 2^63.3 and 2^90 bytes respectively.

Thirdly, we introduce the impossible differential attack on mCrypton. We reference [14, 15] and then give impossible differential attacks on 7-round mCrypton based on the 4-round impossible differential on mCrypton. We then further reduce the time complexity and the data complexity through the properties of the S-box and other means. The time complexity is 2^57, the data complexity is 2^54.3, and the memory complexity is 2^49.3.
Keywords/Search Tags:mCrypton, SIMON, differential attack, meet-in-the-middle, relationship of keys