U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)
Presentation

Update on the Security Analysis of Ascon

May 11, 2022

Presenters

Maria Eichlseder - Graz University of Technology

Description

Ascon is one of the finalists in the NIST LWC project. Since it was published in 2014 and selected as the first choice for resource-constrained environments of the CAESAR portfolio in 2019, there was already a substantial body of publications on Ascon’s security before the beginning of the NIST LWC project. In this talk, we provide an overview of recent third-party cryptanalysis results as well as our own work on new security bounds. We first focus on our efforts to improve the bounds for security against differential and linear cryptanalysis with new Boolean Satisfiability (SAT) models. We find bounds for 4 and 6 rounds of the permutation which, while probably not tight, reinforce confidence in the security of Ascon, Ascon-Hash, and Ascon-Xof against differential and linear attacks with respect to the security claim. We also discuss the implications of these bounds for the recently proposed MAC variants based on the Ascon permutation. Additionally, we use a similar  SAT model to provide differential bounds for the 1-round Ascon permutation with 1-bit rate as used in Isap, demonstrating the infeasibility of differentially-induced collisions in this construction. We also provide a brief overview and discussion of recent third-party analysis results. Among others, Rohit et al. [RHSS21] slightly reduced the data complexity of previous 7-round attacks to stay below the limit of 264 encrypted blocks. Rohit and Sarkar investigated classes of “weak keys” which permit slightly better attacks for round-reduced Ascon. Gerault et al. investigated the applicability of differential distinguishers for forgeries on round-reduced Ascon. Civek and Tezcan  provided new experiments on differential-linear cryptanalysis. In summary, these results provide a more detailed understanding of Ascon’s security margin, which essentially confirms and slightly refines the previously-known results on up to 7 out of 12 rounds of Ascon’s permutation.

Presented at

LWC Workshop 2022

Event Details

Location

    
                            

Related Topics

Security and Privacy: cryptography

Created May 05, 2022, Updated May 12, 2022