This study evaluates and verifies the cryptanalysis of Peyrin \textit{et al.} on the SIMON-JAMBU64/96 Authenticated Encryption (AE) scheme, with the aim of extending the attack to a reduced number of tuples. We adopt both formal analysis and experimental validation, constructing collision-based distinguishers under a chosen-IV model and testing them with a decryption oracle. The main contribution is the demonstration that a distinguishing attack can be performed with just two tuples, showing that JAMBU is more vulnerable than previously assumed. We provide a detailed comparison of data complexity, where the two-tuple attack achieves a lower cost in the second phase ($4 \cdot 2^{48}$ queries) than the three-tuple attack ($6 \cdot 2^{48}$), at the expense of extra verification effort in the third phase. Overall, our results confirm that the SIMON-JAMBU64/96 scheme is susceptible to distinguishing, plaintext forgery, and plaintext-recovery attacks, thereby reaffirming and extending the findings of Peyrin \textit{et al.} to scenarios with more limited adversarial resources.

Authenticated Encryption; Distinguishers; Forgeries; JAMBU, Nonce-Respecting; Plaintext Recovery; SIMON64/96.

1] J. Black, “Authenticated Encryption,” in Encyclopedia of Cryptography, Security and
Privacy, S. Jajodia, P. Samarati, and M. Yung, Eds. Cham: Springer Nature Switzerland,
2025, pp. 145–156. doi: 10.1007/978-3-030-71522-9_548. Available online.
[2] M. Dworkin, Recommendation for Block Cipher Modes of Operation: The CCM Mode
for Authentication and Confidentiality, NIST Special Publication 800-38C, 2007. doi:
https://doi.org/10.6028/NIST.SP.800-38C.
[3] M. Dworkin, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode
(GCM) and GMAC, NIST Special Publication 800-38D, 2007. doi: https://doi.org/10
.6028/NIST.SP.800-38D.
[4] D. J. Bernstein et al., The CAESAR competition, https://competitions.cr.yp.to/cae
sar.html, 2013.
[5] Hongjun and T. Huang, “JAMBU: A Lightweight Authenticated Encryption Mode,” in
Selected Areas in Cryptography – SAC 2014, ser. Lecture Notes in Computer Science,
vol. 8781, Springer, 2014, pp. 423–438. doi: 10.1007/978-3-319-13051-4_26.
[6] IoT Analytics, State of IoT Summer 2024: Number of connected IoT devices growing 13%
to 18.8 billion globally, https://iot-analytics.com/number-connected-iot-devices/,
2024.
[7] N. Kumar, How Many IoT Devices Are There (2025–2030 Data), DemandSage, Dec. 2024.
https://www.demandsage.com/number-of-iot-devices/, 2024.
[8] Ken Research, Indonesia IoT Technology Market Outlook to 2030, https://www.kenrese
arch.com/industry-reports/indonesia-iot-technology-market, 2023.

[9] Mordor Intelligence, Indonesia IoT Market Size & Share Analysis (2025–2030), https://w
ww.mordorintelligence.com/industry-reports/indonesia-iot-market, 2024.
[10] H. Griffioen and C. Doerr, “Examining Mirai’s Battle Over the Internet of Things,” in
Proceedings of the ACM SIGSAC Conference on Computer and Communications Security,
2020. doi: 10.1145/3372297.3417277. Available online.
[11] G. Sripriyanka and A. Mahendran, “Mirai Botnet Attacks on IoT Applications: Chal-
lenges and Controls,” in Proceedings of Advances in Communication and Computational
Technology, Springer, 2021. Available online.
[12] A. Sharma, V. Mansotra, and K. Singh, “Detection of Mirai Botnet Attacks on IoT
Devices Using Deep Le arning,” Journal of Scientific Research and Technology, 2023, Full
text available at https://www.jsrtjournal.com/index.php/JSRT/article/download/49/54.
Available online.
[13] T. b. Alshammari and A. S. Alanazi, “Security threats against the internet of things at
home,” in 2021 International Conference on Electrical, Communication, and Computer
Engineering (ICECCE), 2021, pp. 1–5. doi: 10.1109/ICECCE52056.2021.9514258.
[14] B. Gus, it, ă, A. A. Anton, C. S. Stângaciu, et al., “Securing IoT edge: a survey on lightweight
cryptography, anonymous routing and communication protocol enhancements,” Interna-
tional Journal of Information Security, vol. 24, p. 149, 2025. doi: 10.1007/s10207-025-0
1071-7. Available online.
[15] M. Al-Shatari, F. A. Hussin, A. A. Aziz, T. A. E. Eisa, X.- T. Tran, and M. E. E. Dalam,
“IoT Edge Device Security: An Efficient Lightweight Authenticated Encryption Scheme
Based on LED and PHOTON,” Applied Sciences, vol. 13, no. 18, p. 10 345, 2023. doi:
10.3390/app131810345.
[16] S. Kumar, D. Kumar, R. Dangi, G. Choudhary, N. Dragoni, and I. You, “A Review of
Lightweight Security and Privacy for Resource-Constrained IoT Devices,” Computers,
Materials and Continua, vol. 78, no. 1, pp. 31–63, 2024. doi: https://doi.org/10.32604
/cmc.2023.047084. Available online.
[17] J. S. Yalli, M. H. Hasan, L. T. Jung, and S. M. Al-Selwi, “Authentication schemes for
Internet of Things (IoT) networks: A systematic review and security assessment,” Internet
of Things, vol. 30, p. 101 469, 2025. doi: https://doi.org/10.1016/j.iot.2024.101469.
Available online.
[18] D. Chakraborty and M. Nandi, “COLM under attack: A cryptanalytic exploration of
COLM variants,” Journal of Information Security and Applications, vol. 89, p. 103 936,
2025. doi: https://doi.org/10.1016/j.jisa.2024.103936. Available online.
[19] T. Peyrin, S. M. Sim, L. Wang, and G. Zhang, “Cryptanalysis of jambu,” Lecture Notes in
Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture
Notes in Bioinformatics), vol. 9054, pp. 264–281, 2015. doi: 10.1007/978-3-662-48116-
5_13. Available online.
[20] W. Stallings, Cryptography and Network Security: Principles and Practice, English, 8th ed.
Pearson, 2022, p. 832, Global Edition.
[21] Hongjun and T. Huang, The jambu lightweight authentication encryption mode (v2.1), 2016.
Available online.
[22] R. Beaulieu, D. Shors, J. Smith, S. Treatman-Clark, B. Weeks, and L. Wingers, “The
SIMON and SPECK families of lightweight block ciphers,” 2013. Available online.
[23] R. Beaulieu, D. Shors, J. Smith, S. Treatman-Clark, B. Weeks, and L. Wingers, “The simon
and speck lightweight block ciphers,” in Proceedings of the 52nd Annual Design Automation
Conference, ser. DAC ’15, San Francisco, California: Association for Computing Machinery,
2015. doi: 10.1145/2744769.2747946. Available online.