Simon (cipher)

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Simon
Simon block cipher.svg
One round of Simon
General
Designers Ray Beaulieu, Douglas Shors, Jason Smith, Stefan Treatman-Clark, Bryan Weeks, Louis Wingers NSA
First published 2013
Related to Speck
Cipher detail
Key sizes 64, 72, 96, 128, 144, 192 or 256 bits
Block sizes 32, 48, 64, 96 or 128 bits
Structure Balanced Feistel network
Rounds 32, 36, 42, 44, 52, 54, 68, 69 or 72 (depending on block and key size)
Speed 7.5 cpb (21.6 without SSE) on Intel Xeon 5640 (Simon128/128)
Best public cryptanalysis
Differential cryptanalysis can break 46 rounds of Simon128/128 with 2125.6 data, 240.6 bytes memory and time complexity of 2125.7 with success rate of 0.632.[1][2][3]

Simon is a family of lightweight block ciphers publicly released by the National Security Agency (NSA) in June 2013.[4][5] Simon has been optimized for performance in hardware implementations, while its sister algorithm, Speck, has been optimized for software implementations.[6]

Description of the cipher[edit]

The Simon block cipher is a balanced Feistel cipher with an n-bit word, and therefore the block length is 2n. The key length is a multiple of n by 2, 3, or 4, which is the value m. Therefore, a Simon cipher implementation is denoted as Simon2n/nm. For example, Simon64/128 refers to the cipher operating on a 64-bit plaintext block (n=32) that uses a 128-bit key.[5] The block component of the cipher is uniform between the Simon implementations; however, the key generation logic is dependent on the implementation of 2, 3 or 4 keys.

Simon supports the following combinations of block sizes, key sizes and number of rounds:[5]

Block size (bits) Key size (bits) Rounds
32 64 32
48 72 36
96 36
64 96 42
128 44
96 96 52
144 54
128 128 68
192 69
256 72


See Also[edit]

References[edit]

  1. ^ "Differential and Linear Cryptanalysis of Reduced-Round Simon". Retrieved 2014-04-16. 
  2. ^ Farzaneh Abed, Eik List, Stefan Lucks, Jakob Wenzel (5 March 2014). Differential Cryptanalysis of Round-Reduced Simon and Speck (PDF). FSE 2014. conference slides. 
  3. ^ Hoda Alkhzaimi, Martin Lauridsen (28 Aug 2013). "Cryptanalysis of the SIMON Family of Block Ciphers" (PDF). 
  4. ^ Schneier, Bruce. "SIMON and SPECK: New NSA Encryption Algorithms". Schneier on Security. Retrieved 2013-07-17. 
  5. ^ a b c The Simon and Speck Families Of Lightwieght Block Ciphers (PDF). ePrint. Retrieved 2016-06-16. 
  6. ^ Claire Swedberg (17 July 2015). "NSA Offers Block Ciphers to Help Secure RFID Transmissions". RFID Journal.