 Yeah, so I need to start with an apology because my Fluency in English decreases as the as it's becoming too late and late And it should be around 7 a.m. For me right now, so I should be about mute What I'm going to I am going to talk about standardization of Simon and speck and just to give some context These are two block ciphers designed by the NSN published in 2013, which will shortly after proposed as ISO standards and and Earlier this year then designers finally published a design rationale about these two ciphers, which I'm going to analyze now To avoid my opinion influence in this presentation What I did is to just take parts and quotes from this Document they published and I'll let you do the make the decision for yourselves So first let's talk about what's the security claim for Simon is and remember this is all from their document So they're saying that after four years of concerted effort by the academic by academic researchers the various versions of Simon and speck Return a margin averaging around 30% and in every case over 25% I please remember these numbers 30% and 25 so they also say that What kind of attacks they considered and they're saying that the designers team early analytic efforts Let us to believe that the type of attacks that are relevant for Simon and speck are of the differential and linear sort and Then they reiterate What kind of results us academics published and they're saying that in particular the design team determined that the single path Probabilities and linear correlations deep below two to the minus of the block size for 12 16 20 29 and 37 rounds for Versions of Simon. I'm talking about Simon, but almost everything I say now can be applied to speck I'll talk about that a bit more later. So That's the number of rounds They're saying that is the best that academics could find and they agree with that And then they're saying that Simon has a strong multi-path effect largely because of the it's the simplicity of its round function and That how it and we can estimate that we might very conservatively estimate that the number of rounds admitting Detectable linear correlations increases by 50% and Then first and last round that ideas must be factored in so if we total these numbers We see that the longest distinguisher for I took Simon 128, but I could have taken any other version The longest distinguisher is of 37 rounds and that the multi-path effect we need to add 50% more That's 18.5 more rounds adding two more rounds for the last and first and last round tricks which totals in 57.5 rounds that the Designers the NSA claim that this is what we believe that can be attacked Looking at the number of rounds the cipher offers. We see that Simon 128 has three versions With 68 69 and 72 rounds So doing a simple math we see that for example for a Simon 128 128 We return a security margin of 15 and a half percent and then and almost 17 and 20 percent for the other two versions Going back to the security claim they mind you they said that in every case it's over 25% these were three cases where they don't Retain at least 25% and in fact out of 20 versions of Simon and specs or 10 for Simon 10 for spec Only one has a security margin larger margin larger than 30% and only four Have a security margin larger than 25% if the average is in fact 18% and sometimes is it slow it is as low as 11% I don't have any more slides because I don't want to give any conclusions. You can decide for yourselves But I have nothing else to say. Thank you