Paper 2015/172

Silent Simon: A Threshold Implementation under 100 Slices

Aria Shahverdi, Mostafa Taha, and Thomas Eisenbarth


Lightweight Cryptography aims at achieving security comparable to conventional cryptography at a much lower cost. Simon is a lightweight alternative to AES, as it shares same cryptographic parameters, but has been shown to be extremely area-efficient on FPGAs. However, in the embedded setting, protection against side channel analysis is often required. In this work we present a threshold implementation of Simon. The proposed core splits the information between three shares and achieves provable security against first order side-channel attacks. The core can be implemented in less than 100 slices of a low-cost FPGA, making it the world smallest threshold implementation of a block-cipher. Hence, the proposed core perfectly suits highly-constrained embedded systems including sensor nodes and RFIDs. Security of the proposed core is validated by provable arguments as well as practical DPA attacks and tests for leakage quantification.

Available format(s)
Publication info
Published elsewhere. IEEE International Symposium on Hardware-Oriented Security and Trust (HOST 2015)
Contact author(s)
ashahverdi @ wpi edu
mtaha @ wpi edu
teisenbarth @ wpi edu
2015-02-28: received
Short URL
Creative Commons Attribution


      author = {Aria Shahverdi and Mostafa Taha and Thomas Eisenbarth},
      title = {Silent Simon: A Threshold Implementation under 100 Slices},
      howpublished = {Cryptology ePrint Archive, Paper 2015/172},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.