Simon (cipher)
One round of Simon | |
General | |
---|---|
Designers | Ray Beaulieu, Douglas Shors, Jason Smith, Stefan Treatman-Clark, Bryan Weeks, Louis Wingers NSA |
First published | 2013 |
Related to | Speck |
Cipher detail | |
Key sizes | 64, 72, 96, 128, 144, 192 or 256 bits |
Block sizes | 32, 48, 64, 96 or 128 bits |
Structure | Balanced Feistel network |
Rounds | 32, 36, 42, 44, 52, 54, 68, 69 or 72 (depending on block and key size) |
Speed | 7.5 cpb (21.6 without SSE) on Intel Xeon 5640 (Simon128/128) |
Best public cryptanalysis | |
Differential cryptanalysis can break 46 rounds of Simon128/128 with 2125.6 data, 240.6 bytes memory and time complexity of 2125.7 with success rate of 0.632.[1][2][3] |
Simon is a family of lightweight block ciphers publicly released by the National Security Agency (NSA) in June 2013.[4] Simon has been optimized for performance in hardware implementations, while its sister algorithm, Speck, has been optimized for software implementations.[5]
Description of the cipher
The Simon block cipher is a balanced Feistel cipher with an n-bit word, and therefore the block length is 2n. The key length is a multiple of n by 2, 3, or 4, which is the value m. Therefore, a Simon cipher implementation is denoted as Simon2n/nm. For example, Simon64/128 refers to the cipher operating on a 64-bit plaintext block (n=32) that uses a 128-bit key.[6] The block component of the cipher is uniform between the Simon implementations; however, the key generation logic is dependent on the implementation of 2, 3 or 4 keys.
Simon supports the following combinations of block sizes, key sizes and number of rounds:[6]
Block size (bits) | Key size (bits) | Rounds |
---|---|---|
32 | 64 | 32 |
48 | 72 | 36 |
96 | 36 | |
64 | 96 | 42 |
128 | 44 | |
96 | 96 | 52 |
144 | 54 | |
128 | 128 | 68 |
192 | 69 | |
256 | 72 |
See Also
References
- ↑ "Differential and Linear Cryptanalysis of Reduced-Round Simon". Retrieved 2014-04-16.
- ↑ Farzaneh Abed, Eik List, Stefan Lucks, Jakob Wenzel (5 March 2014). Differential Cryptanalysis of Round-Reduced Simon and Speck (PDF). FSE 2014. conference slides.
- ↑ "Cryptanalysis of the SIMON Family of Block Ciphers" (PDF).
- ↑ Schneier, Bruce. "SIMON and SPECK: New NSA Encryption Algorithms". Schneier on Security. Retrieved 2013-07-17.
- ↑ Claire Swedberg (17 July 2015). "NSA Offers Block Ciphers to Help Secure RFID Transmissions". RFID Journal.
- 1 2 The Simon and Speck Families Of Lightwieght Block Ciphers (PDF). CHES 2015. Retrieved 2014-01-29.