Talk:Simon (cipher)

Talk
I'm waiting for more secondary sources to pick up the story before expanding this article. The citation is from the blog of a recognized expert in the field. LargeBlockCipher (talk) 18:40, 17 July 2013 (UTC)

Resolving the ISO question.
The ISO rejection for standardization should be included; however, I found the notes from the meeting to not be compelling as many of the questions were address in the NIST 8114 presentations by the SIMON team and for this reason one obscure link does not warrant reference. The ISO discussion are public and would be a better source. The details of the rejection should be included as well. Degs (talk) 20:39, 11 June 2018 (UTC)


 * Lede should mention ISO rejection. The claim that those cryptographers are merely a bunch of paranoids is outrageous. The fact that they are highly suspicious with respect to the algorithm is very relevant information; optics do obviously matter a lot for cryptographic algorithms and this one simply raises too many red flags. The NSA rejected to disclaim that it has any non-public knowledge about weaknesses in the algorithm. SHA1 was a NSA algorithm, too, and it turned out to be completely flawed. By hiding the ISO rejection in a section near the end of the article this highly controversial algorithm is being whitewashed. NIST 8114's "Lightweight cryptography" -- I suppose that's the new name for what until recently they called "responsible encryption"? Just give it a new name and a positive purpose -- it saves battery on your mobile device? --rtc (talk) 20:42, 11 June 2018 (UTC)


 * The reason for the ISO rejection should be mentioned, as well as the sources.  There's a great quantity of work at IACR regarding SIMON, and there's not obvious holes; however, I understand the distrust of the NSA.  The cipher is very easy to analyze, and my primary issue was the sources when original sources can be referenced.  The ISO rejection should include better citation. The lack of disclosure of U,V,W logic is important; however, those were discussed at NIST8114 so I'm unsure why they were an issue for the ISO. Degs (talk) 23:43, 11 June 2018 (UTC)
 * They were an issue for ISO because ISO people were not familiar with the discussion at NIST 8114. I skimmed it now and couldn't find the part you're talking about. Can you please point me to the relevant page? When formally asked about it as part of the ISO process, the NSA's response was something to the effect of "this is not the place and time to discuss this" and they refused to provide further details.
 * Anyway, the real discussion in ISO was about the number of rounds, about which they consistently refused to provide information (see e.g., Notes on 'Notes on the design and analysis of SIMON and SPECK' and an Analysis of it). Atul Luykx and I were requested to write a book chapter about the standardization of Simon & Speck in ISO and we're currently working on it. I don't know the expected publication date for this book but I think it might be out as early as September 2018. Tomer A. 11:14, 7 July 2018 (UTC)


 * Took longer than I expected but in case someone wants to add something about it this article or to Speck the book chapter is finally out: Tomer A. 08:33, 17 February 2021 (UTC)