In this paper we present a practical cube attack against the full 6-round encryption in Ascon in the nonce-misuse setting. We note at the outset that, because of this setting, the attack does not violate the security claims made by the authors of Ascon. Our cryptanalysis is a conditional cube attack that recovers the full capacity in practical time by carefully studying the monomials of highest degree in the algebraic normal form (ANF) of the full Ascon permutation. Overall, it has a complexity of about 2^40 adaptively chosen plaintexts and about 2^40 calls to the permutation. We have implemented the full attack, and our experiments confirm our claims.
Lightweight Cryptography Workshop 2022
Starts: May 09, 2022
Security and Privacy: cryptography