Improved rotational?XOR cryptanalysis of Simon?like block ciphers

Rotational-XOR (RX) cryptanalysis is a cryptanalytic method aimed at finding distinguishable statistical properties in Addition-Rotation-XOR-C ciphers, that is, ciphers can be described only by using modular addition, cyclic rotation, XOR and the injection of constants. In this study, we extend RX-cryptanalysis to AND-RX similar design paradigm where addition replaced vectorial bitwise AND; such include block cipher families Simon Simeck. We analyse propagation RX-differences through rounds develop closed form formula for their expected probability. Inspired MILP verification model proposed Sadeghi et al., SAT/SMT searching compatible RX-characteristics Simon-like there least one right pair messages/keys satisfy RK-characteristics. To best our knowledge, first takes RX-difference transitions value simultaneously into account ciphers. Meanwhile, investigate how choice round constants affects resistance against RX-cryptanalysis. Finally, show use an RX-distinguisher key recovery attack. Evaluating find up 20, 27 34 with respective probabilities 2?26, 2?44 2?56 versions Simeck sizes 32, 48 64 bits, respectively, large classes weak keys related-key model. most cases, these are longest published distinguishers variants case Simon, present round-reduced all 10 instances. observe equal sizes, RX-distinguishers cover fewer than Concluding paper, attack on reduced 28 23-round RX-characteristic.