Structural Evaluation for Simon-Like Designs Against Integral Attack

In 2013, NSA published a lightweight block cipher family, Simon, but left the security analysis and the design rationale as open problems. Kolbl et al. generalized Simon by regarding its rotation constants as a parameter and discussed the security of these Simon-like ciphers against differential and linear attacks in Crypto 2015. In this paper, we investigate both the security of Simon-like ciphers against integral attack as well as the design choice of NSA. Firstly, we use the inside-out approach to find the integral distinguishers for all Simon-like ciphers with arbitrary block size and rotation parameter. Based on the results, we derive the distribution of all possible parameters with respect to their distinguishers. Moreover, we give a comparison of the parameters by considering their behaviour in various block sizes, and therefore obtain 120 parameters that are equal or superior to the standard parameter. Finally, we discover an inherent flaw of re-using the round function in the key schedule, especially for the Simon-like ciphers. It can possibly explain why NSA does not adopt such an efficient design.