Monday, June 11, 2018

ISO rejection of Simon

I am a circuit designer by training, and not a cryptographer. One of the things that I've found from working with cryptographers is that I find them to be odd to work with by nature. It's most likely because their products are seldom tangible, and therefore there is a lot of infighting.

In this article on the ISO rejection of SIMON, there's a quote regarding the NSA from Tomer Ashur: "They refused to motivate design choices they made such as the choice of matrices U, V, and W in Simon’s key schedule. Instead, they chose to personally attack some of the experts (including @hashbreaker, Orr Dunkelman and myself) as incompetent."

Well, I know the design choices behind U, W, V, which were related to slide attacks for some internal tool they had based on the rounds. I do not know anything about the tool, but Shors mentioned this when I asked while I was writing my Simontool paper. The matrices in question, with circuit implementation, are in my simontool.supplemental.pdf. The question at hand is how U, W, and V were decided; however, I cannot answer that as I do not have their internal tools. Having said that, the circuits are beautiful, and perhaps someone will do a detailed analysis of the tradeoffs between each matrix for rounds.