Speck vs Threefish's Mix

Question

When comparing Speck to Threefish's Mix:

The difference is that Threefish uses multiple rotation constants and only a single word is rotated in contrast to Speck which uses the same rotations every round and rotates both words in different directions.

Why do the two approaches differ? And is one measurably better?

One thing I noted is that when both words are rotated in different directions it is not that different from rotating a single word more, there is however a difference in the result of modulo64 addition - does that somehow help enough to justify an extra operation?

Answer 1

Having worked a bit with the SIMON/SPECK team, I can give you a non-official answer to this as I asked a similar question. The idea behind SPECK was that it would be easy to implement on a simple, embedded processor. For this reason, SPECK has a simple round structure where both words in the pair are rotated, one right, one left and these rotations are fixed across all rounds. This is really easy to implement on a MCU. For Threefish, the rotation constants vary from round to round, introducing additional complexity and diffusion, and the asymmetry contribute to security; however, this structure is difficult to implement on a MCU.

In summary, SPECK works well on a MCU compared to Threefish because that was the design target.