IET Information Security (May 2022)
On the upper bound of squared correlation of SIMON‐like functions and its applications
Abstract
SIMON is one of the lightweight block ciphers designed by the National Security Agency in 2013, and a technical report including security analysis was published by the design team nearly 4 years later. As for linear attacks, it is claimed that ‘the single‐path probabilities (and linear correlations) dip below 2^(-block size) for 12, 16, 20, 29, and 38 rounds for SIMON32, 48, 64, 96, and 128, respectively’. However, the design team does not show how this result was obtained, and no published paper has verified it yet. In the present paper, an upper bound on the squared correlation of SIMON‐like functions is given. As an important application of this bound, it is shown how to find optimal linear characteristics of SIMON and SIMECK under the Markov assumption with Matsui's branch‐and‐bound algorithm. The authors’ results confirm the claim of the design team. Furthermore, the best‐known linear‐hull distinguishers for SIMON and SIMECK are also given.
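To make concrete what "squared correlation of a SIMON-like function" means, the following added example (not code from the paper, and not the paper's bound) brute-forces the full linear correlation table of the SIMON-like round function f(x) = (S^a(x) & S^b(x)) ^ S^c(x), where S^r is rotation left by r. The rotation triples are the public ones, (1, 8, 2) for SIMON and (0, 5, 1) for SIMECK; the word size n = 8 is an assumption chosen only so that all 2^n inputs and all 2^n x 2^n mask pairs fit in a second of pure Python (real SIMON words are 16 to 64 bits, and on 8-bit words the SIMON rotation by 8 wraps to 0, so the SIMECK triple is the more faithful toy). Each row of the table is computed with a fast Walsh-Hadamard transform, so the cost is 2^n transforms of length 2^n rather than 2^{3n} evaluations. Because every output mask beta yields a quadratic Boolean function beta·f(x), the nonzero squared correlations are all of the form 4^(-h), and the largest one, 2^(-2), comes from a single AND gate, which is the per-bit input any round-level bound has to start from.

```python
# Added example: exhaustive linear correlation table of a SIMON-like
# function on a reduced word size. Not code from the paper.
from typing import Dict, List, Tuple

Mask = Tuple[int, int]  # (alpha = input mask, beta = output mask)


def rotl(x: int, r: int, n: int) -> int:
    """Rotate the n-bit word x left by r (bit i of the result is bit i-r of x)."""
    r %= n
    return ((x << r) | (x >> (n - r))) & ((1 << n) - 1)


def simon_like(x: int, n: int, a: int, b: int, c: int) -> int:
    """f(x) = (S^a(x) & S^b(x)) ^ S^c(x); SIMON uses (1, 8, 2), SIMECK (0, 5, 1)."""
    return (rotl(x, a, n) & rotl(x, b, n)) ^ rotl(x, c, n)


def parity(v: int) -> int:
    return bin(v).count("1") & 1


def walsh(vals: List[int]) -> List[int]:
    """In-place fast Walsh-Hadamard transform: W[alpha] = sum_x (-1)^(alpha.x) vals[x]."""
    h = 1
    while h < len(vals):
        for i in range(0, len(vals), 2 * h):
            for j in range(i, i + h):
                u, v = vals[j], vals[j + h]
                vals[j], vals[j + h] = u + v, u - v
        h *= 2
    return vals


def correlation_table(n: int, a: int, b: int, c: int) -> Dict[Mask, float]:
    """All nonzero correlations cor(alpha, beta) = 2^-n * sum_x (-1)^(alpha.x ^ beta.f(x))."""
    size = 1 << n
    fx = [simon_like(x, n, a, b, c) for x in range(size)]
    table: Dict[Mask, float] = {}
    for beta in range(1, size):
        # +1/-1 sequence of beta.f(x); its Walsh transform gives every alpha at once
        seq = [1 - 2 * parity(beta & fx[x]) for x in range(size)]
        w = walsh(seq)
        for alpha in range(size):
            if w[alpha]:
                table[(alpha, beta)] = w[alpha] / size
    return table


def max_squared_correlation(n: int, a: int, b: int, c: int) -> Tuple[Mask, float]:
    """Mask pair with the largest squared correlation, and that value."""
    table = correlation_table(n, a, b, c)
    masks, cor = max(table.items(), key=lambda kv: kv[1] ** 2)
    return masks, cor ** 2


def squared_correlation_values(n: int, a: int, b: int, c: int) -> List[float]:
    """Distinct nonzero squared correlations; for a quadratic f these are powers of 1/4."""
    return sorted({cor ** 2 for cor in correlation_table(n, a, b, c).values()})


if __name__ == "__main__":
    # Toy word size n = 8 (assumption); SIMECK rotations survive the reduction intact.
    for name, (a, b, c) in {"SIMECK": (0, 5, 1), "SIMON": (1, 8, 2)}.items():
        (alpha, beta), sq = max_squared_correlation(8, a, b, c)
        print(f"{name}-like f on 8-bit words: max squared correlation {sq}"
              f" at alpha={alpha:#04x}, beta={beta:#04x}")
        print("  squared correlation levels:", squared_correlation_values(8, a, b, c))
```

Reading the output: for the SIMECK triple and beta = 0x01, the only output bit is f_0 = x_0 x_3 ^ x_7, so exactly four input masks (bit 7, optionally combined with bits 0 and 3) have correlation of magnitude 1/2 and every other alpha has correlation zero; the maximum squared correlation 1/4 over the whole table is the single-AND-gate value that a round-level bound must be built from.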