Research On Symmetric-Key Cipher Automatic Analysis System And Clustering Effect In Candidate Parameters Of SIMON

As the main way to ensure the privacy of information communication,the security of symmetric ciphers is extremely important.It has become the main analysis method for cryptanalysts to analyze the security of ciphers with the help of automatic cryptanalysis tools such as SAT(Boolean Satisfiability Problems,abbreviated as SATISFIABILITY or SAT).In 2019,the Chinese Association for Cryptologic Research held the national block cipher algorithm competition.The SAT-based symmetric-key cipher automatic cryptanalysis system(called the system)was developed and used to meet the massive demand for cryptographic analysis.The system supports five cryptanalysis methods including differential,linear,impossible differential,zero-correlation linear,and integral attacks,which can help designers quickly judge whether the algorithm has the above five defects,and has been used by critical cryptographic departments and enterprises and institutions in China.In 2008,Demirci-Sel(?)uk proposed a new attack method called the Demirci-Sel(?)uk meet-in-the-middle(DS-MITM)attack.This method has achieved optimal attacks against many block ciphers,including the famous AES.It is a complex and powerful cryptanalytic method.However,the system does not support this method so far.Firstly,this paper constructs the automatic search method and the automatic key recovery model of DS meet-in-the-middle attack based on SAT,which is naturally compatible with the cryptanalysis system and enriches the cryptanalytic method of the system.By depicting the forward differential and backward determination relationship of a single cryptographic component and the intersection of these two characteristics,the model based on basic components constructed in this paper can enable cryptanalysts to attack without knowing the details of the cryptanalytic method,which greatly reduces the threshold of cryptanalysis.On the other hand,the existing system only outputs an analysis result in the form of an obscure text file,which requires a cryptanalyst to spend a lot of energy on processing.To solve this problem,this paper proposes a visualization module,which improves the readability of the analysis results of the system.By automatically drawing the path of analysis results,one can locate and correct the logical errors introduced in describing the algorithm.The construction of the system visualization module,on the one hand,liberates the cryptanalyst from the repeated analysis result extraction work,on the other hand,provides a new solution for the popularization of cryptanalysis and the result display.SIMON algorithm was proposed by the National Security Agency,which has a simple quadratic round function f(x)=(S8(x)∧ S1(x))⊕ S2(x).For SIMON-like ciphers which have different cyclic shift parameters(a,b,c),their security and software and hardware performance are also different.In Crypto 2015,K(?)lbl et al analyzed the differential and linear properties of these parameters and gave three candidate parameters.Based on the matrix-based differential or linear hull probability estimation method proposed by Leurent et al.in Asiacrypt 2021,this paper analyzes the clustering effect of these parameters(considering the stacking probability with the differential characteristics which have the same input-output).In this framework,we find that the parameter(12,5,3)has a weaker clustering effect than(7,0,2)and(1,0,2)(the probability of differential or linear hull after stacking is lower).On the other hand,if c>b,a is used to construct the matrix with the lowest w significant bit,which will lead to all zeros of the matrix and cannot get the proper results.The analysis results of the SIMON-like ciphers presented in this paper are more close to the real attack scenario and provide a reference for the selection of different cyclic shift parameters.