[Cryptography] Simon, Speck and ISO

CodesInChaos codesinchaos at gmail.com
Sat Oct 25 07:33:41 EDT 2014

On Fri, Oct 24, 2014 at 1:53 PM, Fedor Brunner <fedor.brunner at azet.sk> wrote:
> According to Joachim Strömbergson:
> https://www.ietf.org/mail-archive/web/tls/current/msg13824.html
> SPECK and SIMON has been found to be weak against differential
> crypyanalysis:

I'm not sure if "weak against differential cryptoanalysis" is an
accurate summary of those papers.

These are attacks against round reduced versions of the ciphers, and
every blockcipher suffers from such attacks.
The important question is how many rounds are broken by these attacks.

In the case of SIMON/SPECK roughly half the rounds are broken. This
isn't exactly a confidence inspiring security margin, especially
considering that these are the first analysis results. On the other
hand it seems hardly surprising that the security margin of
lightweight primitives is lower than that of conservative designs like

If you want to argue for the exclusion of these ciphers based on these
cryptoanalytic results, it'd be nice to compare this security margin
against the margin of competing lightweight ciphers. The opinion of
experienced cryptoanalysts as to how likely it is that this analysis
can be extended to more rounds would be nice as well, even if this is
inherently subjective.

More information about the cryptography mailing list