LLMpediaThe first transparent, open encyclopedia generated by LLMs

SIMON

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: FSE Hop 4
Expansion Funnel Raw 68 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted68
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
SIMON
NameSIMON
DesignersNational Security Agency
Publish date2013
Key size64–128 bits
Block size32–128 bits
StructureFeistel network-like, block cipher
Rounds32–72

SIMON

SIMON is a family of lightweight block ciphers developed for constrained environments by the National Security Agency in 2013. The design targets devices such as smart card, Internet of Things, sensor network, and embedded system platforms, balancing simplicity with cryptographic strength. SIMON and its counterpart SIMON's sibling (SIMON's pair) have been referenced in standards discussions alongside algorithms like AES, Twofish, Serpent, Blowfish, and IDEA.

Introduction

SIMON is a parameterized family of block ciphers offering multiple block sizes (32, 48, 64, 96, 128 bits) and key lengths (64, 72, 96, 128, 144, 192, 256 bits) intended to match diverse constraints in devices such as ATmega328P-based microcontrollers, ARM Cortex-M0 cores, and FPGA fabrics like Xilinx Spartan series. The cipher emphasizes a compact round function, reduced gate count for ASIC implementations, and low RAM/ROM footprint for platforms like Arduino UNO and Raspberry Pi Pico. SIMON has been evaluated against contemporaneous proposals including Present cipher and PRESENT alternatives in lightweight cryptography workshops hosted by organizations such as IACR and NIST.

Design and Architecture

SIMON uses a simple, bitwise-rotation and bitwise-AND based round function arranged in an iterated structure reminiscent of Feistel constructions used in ciphers like DES and Blowfish. The round operation combines a left-rotation, right-rotation, and bitwise logical operations with XOR of round keys derived via a key schedule inspired by block ciphers such as IDEA and influenced by techniques seen in RC5. The design minimizes S-box usage, contrasting with substitution-permutation networks like AES and Serpent, to facilitate implementation on microcontroller instruction sets such as those in ARM Cortex-M3, MIPS, and RISC-V cores. SIMON's parameter matrix provides different security/performance trade-offs analogous to families like Camellia and KATAN.

Applications and Use Cases

SIMON targets constrained deployments including NFC tags, RFID transponders, Bluetooth Low Energy peripherals, and LoRaWAN gateways where power and silicon area are critical. It has been prototyped for use in firmware on ESP8266 modules, lightweight VPN tunnels in router-on-a-stick scenarios using OpenWrt-derived firmware, and secure boot loaders for single-board computers like BeagleBone Black. Researchers have used SIMON in testbeds involving contiki OS and TinyOS for wireless sensor network experiments alongside algorithms such as ChaCha20 and Salsa20 for performance comparison. Standards bodies and industry consortia have debated inclusion of SIMON in suites alongside ciphers like Camellia and ARIA.

Security and Analysis

Security analyses of SIMON have produced a broad literature from academic groups at institutions including École Polytechnique, MIT, ETH Zurich, and University of Luxembourg. Published cryptanalytic work includes differential cryptanalysis, linear cryptanalysis, and biclique approaches applied to reduced-round variants, comparing methods with attacks on AES and DES. Results show that full-parameter instances resist known practical attacks when parameters meet recommended bounds, while reduced-round versions are vulnerable to slide attacks and related-key techniques reminiscent of those exploited against early IDEA and 3DES studies. Cryptographers have examined SIMON under frameworks used in NIST lightweight cipher evaluations and workshops organized by IACR and USENIX.

Implementations and Performance

Implementations of SIMON exist in multiple languages and platforms: C reference implementations used in OpenSSL-style test harnesses, assembly-optimized kernels for ARMv7-M and AVR microcontrollers, and hardware descriptions in Verilog and VHDL for synthesis on Xilinx and Intel FPGA devices. Benchmarks compare cycle counts and gate equivalents against AES and PRESENT, often showing lower area and energy for small-block instances while noting trade-offs for throughput per area on high-speed processors. Implementations in cryptographic libraries and toolkits have been integrated experimentally in research forks of LibreSSL and embedded TLS stacks like mbed TLS for evaluation in constrained environments.

History and Development

SIMON was published by the National Security Agency in 2013 alongside a sister family, sparking immediate academic and industry analysis. The release prompted workshops at venues such as CRYPTO, Eurocrypt, Asiacrypt, and lightweight cryptography symposia where researchers from NIST, IACR, and various universities presented attacks, implementations, and hardware evaluations. Subsequent development included community-driven test vectors, reference code contributions on public repositories used by projects like GitHub and GitLab, and consideration in later NIST calls for lightweight cryptography. Debates over provenance and patent status led to discussions in bodies such as IETF and among implementers of standards like ISO/IEC committees.

Category:Block ciphers