A brief comparison of Simon and Simeck

SIMECK is a new lightweight block cipher design based on combining the design principles of the SIMON and Speck block cipher. While the design allows a smaller and more efficient hardware implementation, its security margins are not well understood. The lack of design rationals of its predecessors further leaves some uncertainty on the security of SIMECK.

In this work we give a short analysis of the impact of the design changes by comparing the upper bounds on the probability of differential and linear trails with SIMON. We also give a comparison of the effort of finding those bounds, which surprisingly is significantly lower for SIMECK while covering a larger number of rounds at the same time.

Furthermore, we provide new differentials for SIMECK which can cover more rounds compared to previous results on SIMON and study how to choose good differentials for attacks and show that one can find better differentials by building them from a larger set of trail with initially lower probability. We also provide experimental results for the differentials for SIMON32 and SIMECK32 which show that there exist keys for which the probability of the differential is significantly higher than expected.

Based on this we mount key recovery attacks on 19/26/33 rounds of SIMECK32/48/64, which also give insights on the reduced key guessing effort due to the different set of rotation constants.