Summary: This paper proposes applying differential fault analysis (DFA) to the Simon family of lightweight block ciphers. We perform DFA by examining the characteristics of the AND operation which is a non-linear function of Simon. Then, we evaluate in detail the number of fault injections required to obtain a secret key. To the best of our knowledge, we are the first to show how to extract the entire secret key for all parameters in the Simon family using a practical fault model based on random faults. As an example, for Simon with a \(128\)-bit block size and a \(128\)-bit secret key, we can extract the entire secret key using \(7.82\) fault injections on average. The results of simulations performed on a PC show that the average number of fault injections required to retrieve a round key agrees with that based on theoretical results. We believe that this study gives new insight into the field of fault analysis because Simon has a property specific to non-linear functions in that it uses the AND operation while not using a substitution box which most block ciphers employ.
For the entire collection see [Zbl 1318.68031].