Simon (cipher)

Simon
	One round of Simon
General
Designers	Ray Beaulieu, Douglas Shors, Jason Smith, Stefan Treatman-Clark, Bryan Weeks, Louis Wingers NSA
First published	2013
Related to	Speck
Cipher detail
Key sizes	64, 72, 96, 128, 144, 192 or 256 bits
Block sizes	32, 48, 64, 96 or 128 bits
Structure	Balanced Feistel network
Rounds	32, 36, 42, 44, 52, 54, 68, 69 or 72 (depending on block and key size)
Speed	7.5 cpb (21.6 without SSE) on Intel Xeon 5640 (Simon128/128)
Best public cryptanalysis
	Differential cryptanalysis can break 46 rounds of Simon128/128 with 2125.6 data, 240.6 bytes memory and time complexity of 2125.7 with success rate of 0.632.

Simon is a family of lightweight block ciphers publicly released by the National Security Agency (NSA) in June 2013.^[5]^[1] Simon has been optimized for performance in hardware implementations, while its sister algorithm, Speck, has been optimized for software implementations.^[6]^[7]

The NSA began working on the Simon and Speck ciphers in 2011. The agency anticipated some agencies in the US federal government would need a cipher that would operate well on a diverse collection of Internet of Things devices while maintaining an acceptable level of security.^[8]

^ ^a ^b Cite error: The named reference eprintSimon was invoked but never defined (see the help page).
^ "Differential and Linear Cryptanalysis of Reduced-Round Simon". Retrieved 2014-04-16.
^ Abed, Farzaneh; List, Eik; Lucks, Stefan; Wenzel, Jakob (27 March 2014). Differential Cryptanalysis of Round-Reduced Simon and Speck (PDF). FSE 2014. conference slides. Bauhaus-Universität Weimar.
^ Alkhzaimi, Hoda; Lauridsen, Martin (28 Aug 2013), Cryptanalysis of the SIMON Family of Block Ciphers (PDF), International Association for Cryptologic Research (IACR) – via Cryptology ePrint Archive
^ Schneier, Bruce (July 2013). "SIMON and SPECK: New NSA Encryption Algorithms". Schneier on Security. Retrieved 2013-07-17.
^ Claire Swedberg (17 July 2015). "NSA Offers Block Ciphers to Help Secure RFID Transmissions". RFID Journal. Archived from the original on July 17, 2015.
^ Brian Degnan and Gregory Durgin (10 November 2017). "Simontool: Simulation Support for the Simon Cipher". IEEE Journal of Radio Frequency Identification. 1 (2): 195–201. Bibcode:2017IJRFI...1..195D. doi:10.1109/JRFID.2017.2771216. S2CID 37476795.
^ Beaulieu, Ray; Shors, Douglas; Smith, Jason; Treatman-Clark, Stefan; Weeks, Bryan; Winger, Louis. "Simon and Speck: Block Ciphers for the Internet of Things" (PDF). Retrieved 2017-11-23.

[eprintSimon-1] Cite error: The named reference eprintSimon was invoked but never defined (see the help page).

[2] "Differential and Linear Cryptanalysis of Reduced-Round Simon". Retrieved 2014-04-16.

[3] Abed, Farzaneh; List, Eik; Lucks, Stefan; Wenzel, Jakob (27 March 2014). Differential Cryptanalysis of Round-Reduced Simon and Speck (PDF). FSE 2014. conference slides. Bauhaus-Universität Weimar.

[4] Alkhzaimi, Hoda; Lauridsen, Martin (28 Aug 2013), Cryptanalysis of the SIMON Family of Block Ciphers (PDF), International Association for Cryptologic Research (IACR) – via Cryptology ePrint Archive

[5] Schneier, Bruce (July 2013). "SIMON and SPECK: New NSA Encryption Algorithms". Schneier on Security. Retrieved 2013-07-17.

[6] Claire Swedberg (17 July 2015). "NSA Offers Block Ciphers to Help Secure RFID Transmissions". RFID Journal. Archived from the original on July 17, 2015.

[ieeeSimonTool-7] Brian Degnan and Gregory Durgin (10 November 2017). "Simontool: Simulation Support for the Simon Cipher". IEEE Journal of Radio Frequency Identification. 1 (2): 195–201. Bibcode:2017IJRFI...1..195D. doi:10.1109/JRFID.2017.2771216. S2CID 37476795.

[Beaulieu2015-8] Beaulieu, Ray; Shors, Douglas; Smith, Jason; Treatman-Clark, Stefan; Weeks, Bryan; Winger, Louis. "Simon and Speck: Block Ciphers for the Internet of Things" (PDF). Retrieved 2017-11-23.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]