
Cryptanalysis of Ascon

  • Conference paper

Topics in Cryptology – CT-RSA 2015 (CT-RSA 2015)

Part of the book series: Lecture Notes in Computer Science, volume 9048

Abstract

We present a detailed security analysis of the CAESAR candidate Ascon. Amongst other techniques, cube-like, differential and linear cryptanalysis are used to evaluate the security of Ascon. Our results are practical key-recovery attacks on round-reduced versions of Ascon-128, where the initialization is reduced to 5 out of 12 rounds. Theoretical key-recovery attacks are possible for up to 6 rounds of initialization. Moreover, we present a practical forgery attack for 3 rounds of the finalization, a theoretical forgery attack for 4 rounds of the finalization, and zero-sum distinguishers for the full 12-round Ascon permutation. In addition, we present the first results regarding linear cryptanalysis of Ascon, improve upon the results of the designers regarding differential cryptanalysis, and prove bounds on the minimum number of (linearly and differentially) active S-boxes for the Ascon permutation.



Author information

Corresponding author: Christoph Dobraunig.


Copyright information

© 2015 Springer International Publishing Switzerland


Cite this paper

Dobraunig, C., Eichlseder, M., Mendel, F., Schläffer, M. (2015). Cryptanalysis of Ascon. In: Nyberg, K. (ed.) Topics in Cryptology – CT-RSA 2015. CT-RSA 2015. Lecture Notes in Computer Science, vol 9048. Springer, Cham. https://doi.org/10.1007/978-3-319-16715-2_20

  • DOI: https://doi.org/10.1007/978-3-319-16715-2_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-16714-5

  • Online ISBN: 978-3-319-16715-2

  • eBook Packages: Computer Science (R0)
