Observations On The Simon Block Cipher Family

In this paper we analyse the general class of functions underlying the SIMON block cipher. In particular, we derive efficiently computable and easily implementable expressions for the exact differential and linear behaviour of SIMON-like round functions.Following up on this, we use those expressions for a computer aided approach based on SAT/SMT solvers to find both optimal differential and linear characteristics for SIMON. Furthermore, we are able to find all characteristics contributing to the probability of a differential for SIMON32 and give better estimates for the probability for other variants.Finally, we investigate a large set of SIMON variants using different rotation constants with respect to their resistance against differential and linear cryptanalysis. Interestingly, the default parameters seem to be not always optimal.