Recently, Ashur and Liu introduced the Rotational-XOR-difference approach which is a modification of rotational cryptanalysis, for an ARX cipher Speck (Ashur and Liu, 2016). In this paper, we apply the Rotational-XOR-difference (RXD) approach to a non-ARX cipher Simon and evaluate its security. First, we studied how to calculate the probability of an RXD for bitwise AND operation that the round function of Simon is based on unlike Speck is on modular addition. Next, we prove that two RXD trails can be connected such that it becomes possible to construct a boomerang/rectangle distinguisher similar to the case using differential characteristics. Finally, we construct related-key rectangle distinguishers for round-reduced versions of Simon with block lengths of 32, 48, and 64, and we suggest a five- or six-round key recovery attack. To our knowledge, it is the first attempt to apply the notion of rotational cryptanalysis for a non-ARX cipher. Although our attack does not show the best results for Simon thus far, the attempt here to define and apply a new cryptanalytic characteristic is meaningful, and we expect further improvements and applications to other ciphers to be made in subsequent studies.

中文翻译：

---

Round-Reduced Simon的旋转XOR矩形密码分析

最近，Ashur和Liu介绍了Rotational-XOR-difference一种针对ARX密码斑点的旋转密码分析的改进方法（Ashur and Liu，2016）。在本文中，我们将旋转XOR差（RXD）方法应用于非ARX密码Simon，并评估其安全性。首先，我们研究了如何计算西蒙的舍入函数基于不同于Speck的按位与运算的RXD的概率是基于模块化加法的。接下来，我们证明了可以连接两个RXD路径，从而有可能类似于使用差分特性的情况构造回旋镖/矩形区分器。最后，我们针对块长度分别为32、48和64的Simon的精简版本构造相关密钥矩形区分符，并建议进行5或6轮密钥恢复攻击。据我们所知，这是对非ARX密码应用旋转密码分析概念的首次尝试。尽管到目前为止，我们的攻击还没有显示出对Simon最好的结果，但是在这里尝试定义和应用新的密码分析特征是有意义的，并且我们希望在后续的研究中能够进一步改进并应用于其他密码。