Analyzing Key Schedule of Simon: Iterative Key Differences and Application to Related-Key Impossible Differentials.

The current paper analyzes the key schedule function of lightweight block cipher SIMON, which was designed by NSA in 2013. In particular, a list of all iterative key differences is provided for all members of the SIMON-family for all number of rounds. The iterative differences are searched by exploiting the fact that SIMON only adopts linear operations in the key schedule function. By using the discovered iterative key difference for SIMON32, a 15-round related-key impossible differential is constructed, which improves the previous longest 11-round impossible differentials of SIMON32 in the single-key setting by four rounds. The current paper makes better understanding of related-key security of SIMON.