Pen and Paper Arguments for SIMON and SIMON-like Designs

In this work, we analyze the resistance of Simon-like ciphers against differential attacks without using computer-aided methods. In this context, we first define the notion of a Simon-like cipher as a generalization of the Simon design. For certain instances, we present a method for proving the resistance against differential attacks by upper bounding the probability of a differential characteristic by 2(-2T+ 2) where T denotes the number of rounds. Interestingly, if 2n denotes the block length, our result is sufficient in order to bound the probability by 2(-2n) for all full-round variants of Simon and Simeck. Thus, it guarantees security in a sense that, even having encryptions of the full codebook, one cannot expect a differential characteristic to hold. The important difference between previous works is that our proof can be verified by hand and thus contributes towards a better understanding of the design. However, it is to mention that we do not analyze the probability of multi-round differentials. Although there are much better bounds known, especially for a high number of rounds, they are based on experimental search like using SAT/SMT solvers. While those results have already shown that Simon can be considered resistant against differential cryptanalysis, our argument gives more insights into the design itself. As far as we know, this work presents the first non-experimental security argument for full-round versions of several Simon-like instances.