[Cryptography] Observation on Simon and Speck

Ryan Carboni ryacko at gmail.com
Tue Oct 30 02:04:06 EDT 2018

Simon has 72 rounds, minus 11 rounds for diffusion. Each round uses a
single AND gate per bit, so 61 AND gates are used per bit for the internal

Speck has 32 rounds, minus 8 rounds for diffusion. Each nonlinear function
could be evaluated as either two AND gates or maybe one and a half AND
gates, which isn’t strictly accurate. For the internal function, either 72
AND gates could be said to be used or 60 AND gates.

It appears to achieve 256-bits of security, one only needs about 60 AND
