[Cryptography] Simon, Speck and ISO

Jerry Leichter leichter at lrw.com
Fri Oct 24 23:37:50 EDT 2014

On Oct 24, 2014, at 5:19 PM, Kristian Gjøsteen <kristian.gjosteen at math.ntnu.no> wrote:
>> According to Joachim Strömbergson:
>> https://www.ietf.org/mail-archive/web/tls/current/msg13824.html
>> SPECK and SIMON have been found to be weak against differential
>> cryptanalysis:
>> https://eprint.iacr.org/2013/568.pdf
>> https://eprint.iacr.org/2013/543.pdf
> I looked at these papers for two minutes, and as far as I can tell, they report attacks on reduced-round variants. Which is what you would expect.
If these are designed with the same approach as Skipjack, they will have *exactly* enough rounds to block differential cryptanalysis and perhaps some other attacks.  NSA seems to believe in designing to the edges of the envelope.  (They also appear to have more sensitive techniques than any available to the public for determining exactly where those edges lie.)

