Differential fault attack on SIMON with very few faults

Document Type

Conference Article

Publication Title

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)


SIMON, a block cipher proposed by NSA (2013), has received a lot of attention from the cryptology community. Several cryptanalytic results have been presented on its reduced-round variants. In this work, we evaluate the cipher against Differential Fault Attack (DFA). Our analysis shows that SIMON32/64, SIMON48/96 and SIMON64/128 can be attacked by injecting as little as 4, 6 and 9 faults respectively. We first describe the process of identifying the fault locations after injecting random faults. This exploits statistical correlations. Then we show how one can recover the complete key using SAT solvers. To the best of our knowledge, our results are much superior in terms of minimal number of faults compared to the existing results. We also show our results are superior in terms of injecting the faults in the earlier rounds compared to the existing works.

First Page


Last Page




Publication Date


This document is currently not available here.