Improved Fault Analysis on SIMON Block Cipher Family

SIMON is a new family of lightweight block ciphers proposed by the National Security Agency (NSA) in 2013. Since its publication, it has attracted much research interest and a number of analysis results have been presented. As a popular kind of implementation attack method, the fault attack also works when it is applied to SIMON. In this paper, we propose an effective fault attack on SIMON under the random byte fault model. Compared with the previous attack results, our attack can successfully recover the whole master key with injecting the faults into only one intermediate round for six instances of SIMON. In our attack, we fully utilize a class of differential propagation properties of SIMON to determine the fault injection position as long as the full diffusion of the fault has not been obtained. On the basis of it, we can recover the last round key with the differential analysis technique. The differential propagation properties make it possible to inject the faults into the earlier intermediate round at the beginning than that of the previous attacks. Meanwhile, the same faulty ciphertext set can also help to recover other round keys. So we do not have to inject the faults into any other intermediate rounds to reveal the whole master key. Moreover, in this paper we also give a detailed mathematical analysis on the average number of the fault injections under the random byte fault model. The data complexity analysis shows that less fault injections are required in our attack compared with other work under the same attack model. Finally, we also verify the effectiveness and correctness of our attack with experiments.