Weak rotational property and its application

With the rapid evolvement of cryptanalysis, attacks with multiple distinguishers have emerged gradually. Many new cryptanalytic methods such as multiple differential cryptanalysis, multiple linear cryptanalysis, multiple impossible differential cryptanalysis, multidimensional zero correlation linear cryptanalysis have been proposed, which have greatly enhanced the efficiency of corresponding attacks. During these attacks, discovering more distinguishers has always been a trivial and manual work. Many cryptographers use their expertise and experience to achieve this goal. However, in most cases, either the length of the attack or the number of distinguishers is underestimated. This paper proposes a generic method to discover more different distinguishers based on a new property called “weak rotational property”. Block ciphers with this property can easily discover more distinguishers such as truncated differential distinguishers, impossible differential distinguishers and zero correlation linear distinguishers in a theoretical approach. Then the number of equivalent distinguishers is proved in a mathematical form. As an application, this paper focuses on SIMON family ciphers to illustrate how this property improves cryptanalysis. For the section of application, first of all, SIMON family ciphers are proved to have weak rotational property. Thus the number of corresponding discovered distinguishers can be increased for SIMON. Then, some earlier observations on SIMON are extended accordingly to this new property. Finally, based on the idea of weak rotational property and equivalent-subkey technique, an improved impossible differential cryptanalysis on SIMON is proposed. For SIMON32(64)/SIMON128(128)/SIMON128(192), the rounds attacked are all extended by one round. For other variants of SIMON, current best non full codebook impossible differential attacks are derived. The successful application of weak rotational property indicates its potential in cryptanalysis.