[Cryptography] Simon, Speck and ISO

Jerry Leichter leichter at lrw.com
Fri Oct 24 23:37:50 EDT 2014


On Oct 24, 2014, at 5:19 PM, Kristian Gjøsteen <kristian.gjosteen at math.ntnu.no> wrote:
>> According to Joachim Strömbergson:
>> 
>> https://www.ietf.org/mail-archive/web/tls/current/msg13824.html
>> 
>> SPECK and SIMON has been found to be weak against differential
>> crypyanalysis:
>> 
>> https://eprint.iacr.org/2013/568.pdf
>> 
>> https://eprint.iacr.org/2013/543.pdf
> 
> I looked at these papers for two minutes, and as far as I can tell, they report attacks on reduced-round variants. Which is what you would expect.
If these are designed with the same approach as Skipjack, they will have *exactly* enough rounds to block differential cryptanalysis and perhaps some other attacks.  NSA seems to believe in designing to the edges of the envelope.  (They also appear to have more sensitive techniques than any available to the public for determining exactly where those edges lie.)

                                                        -- Jerry



More information about the cryptography mailing list