[Cryptography] Simon, Speck and ISO

dj at deadhat.com dj at deadhat.com
Sat Oct 25 16:46:39 EDT 2014


>
> If you want to argue for the exclusion of these ciphers based on these
> cryptoanalytic results, it'd be nice to compare this security margin
> against the margin of competing lightweight ciphers. The opinion of
> experienced cryptoanalysts as to how likely it is that this analysis
> can be extended to more rounds would be nice as well, even if this is
> inherently subjective.

All the published analysis makes them look pretty good on the
security/compute complexity tradeoff. I have nothing to show there is
anything wrong with the algorithms.

Someone at JTC1/SC7 corrected me. The spec to which it is proposed these
be added already has Clefia and PRESENT which are slower and bigger.

I'm concerned with how it looks and concerned that no-one else is jumping
up to offer alternatives with a more transparent background. We certainly
can't criticize anyone for submitting a proposal when no one else is.




More information about the cryptography mailing list