Bounds for the Security of Ascon against Differential and Linear Cryptanalysis
The NIST Lightweight Cryptography project aims to standardize symmetric cryptographic designs, including authenticated encryption and hashing, suitable for constrained devices. One essential criterion for the evaluation of the 10 finalists is the evidence for their security against attacks like line...
Saved in:
| Published in | IACR Transactions on Symmetric Cryptology Vol. 2022; no. 1; pp. 64 - 87 |
|---|---|
| Main Authors | , , |
| Format | Journal Article |
| Language | English |
| Published |
Ruhr-Universität Bochum
11.03.2022
|
| Online Access | Get full text |
Cover
Loading…
| Abstract | The NIST Lightweight Cryptography project aims to standardize symmetric cryptographic designs, including authenticated encryption and hashing, suitable for constrained devices. One essential criterion for the evaluation of the 10 finalists is the evidence for their security against attacks like linear and differential cryptanalysis. For Ascon, one of the finalists and previous winner of the CAESAR competition in the ‘lightweight’ category, there is a large gap between the proven bounds and the best known characteristics found with heuristic tools: The bounds only cover up to 3 rounds with 15 differentially and 13 linearly active S-boxes, insufficient for proving a level of security for the full constructions.In this paper, we propose a new modeling strategy for SAT solvers and derive strong bounds for the round-reduced Ascon permutation. We prove that 4 rounds already ensure that any single characteristic has a differential probability or squared correlation of at most 2−72, and 6 rounds at most 2−108. This is significantly below the bound that could be exploited within the query limit for keyed Ascon modes. These bounds are probably not tight. To achieve this result, we propose a new search strategy of dividing the search space into a large number of subproblems based on ‘girdle patterns’, and show how to exploit the rotational symmetry of Ascon using necklace theory. Additionally, we evaluate and optimize several aspects of the pure SAT model, including the counter implementation and parallelizability, which we expect to be useful for future applications to other models. |
|---|---|
| AbstractList | The NIST Lightweight Cryptography project aims to standardize symmetric cryptographic designs, including authenticated encryption and hashing, suitable for constrained devices. One essential criterion for the evaluation of the 10 finalists is the evidence for their security against attacks like linear and differential cryptanalysis. For Ascon, one of the finalists and previous winner of the CAESAR competition in the ‘lightweight’ category, there is a large gap between the proven bounds and the best known characteristics found with heuristic tools: The bounds only cover up to 3 rounds with 15 differentially and 13 linearly active S-boxes, insufficient for proving a level of security for the full constructions.In this paper, we propose a new modeling strategy for SAT solvers and derive strong bounds for the round-reduced Ascon permutation. We prove that 4 rounds already ensure that any single characteristic has a differential probability or squared correlation of at most 2−72, and 6 rounds at most 2−108. This is significantly below the bound that could be exploited within the query limit for keyed Ascon modes. These bounds are probably not tight. To achieve this result, we propose a new search strategy of dividing the search space into a large number of subproblems based on ‘girdle patterns’, and show how to exploit the rotational symmetry of Ascon using necklace theory. Additionally, we evaluate and optimize several aspects of the pure SAT model, including the counter implementation and parallelizability, which we expect to be useful for future applications to other models. |
| Author | Mendel, Florian Eichlseder, Maria Erlacher, Johannes |
| Author_xml | – sequence: 1 givenname: Johannes surname: Erlacher fullname: Erlacher, Johannes – sequence: 2 givenname: Florian surname: Mendel fullname: Mendel, Florian – sequence: 3 givenname: Maria surname: Eichlseder fullname: Eichlseder, Maria |
| BookMark | eNp9kMFqGzEQQEVJoUnqP-hBP7COVpI1Um-uk7QGkxzaQm9iViu5ClvJSErAf9_ETiDkkNMMA-8xvDNyknLyhHzp2VyqhVYXLVc3f-CM83ns50p2Gj6QU77oTdeD-HPyav9EZrXeMca4NkJJc0puvuX7NFYacqHtr6c_vbsvse1pDnRZXU4UtxhTbfQyhuCLTy3iRDGNdBOTx0JXZb9rmHDa11g_k48Bp-pnz_Oc_L6--rX60W1uv69Xy03nJDetc4hoNDitQhBo_KADG4dBBCEEAykBQEuuJdPYB-GlYc74wLzi4JSAQZyT9dE7ZryzuxL_YdnbjNEeDrlsLZYW3eQtIALXymNgRopRagYqACycH2GAwT26vh5druRaiw_WxYYt5tQKxsn2zB5C26fQ9hDaxt4qaTU8wvIN_PLMu9h_KVGHVQ |
| CitedBy_id | crossref_primary_10_1049_2024_6624991 crossref_primary_10_1587_transfun_2023EAP1098 crossref_primary_10_1109_JIOT_2024_3420908 crossref_primary_10_1587_transfun_2023EAP1149 crossref_primary_10_1109_TIT_2024_3473940 crossref_primary_10_1007_s10623_023_01259_9 crossref_primary_10_1088_1402_4896_ad9867 crossref_primary_10_1007_s11128_024_04472_0 crossref_primary_10_1007_s10623_024_01383_0 |
| ContentType | Journal Article |
| DBID | AAYXX CITATION DOA |
| DOI | 10.46586/tosc.v2022.i1.64-87 |
| DatabaseName | CrossRef DOAJ Directory of Open Access Journals |
| DatabaseTitle | CrossRef |
| DatabaseTitleList | CrossRef |
| Database_xml | – sequence: 1 dbid: DOA name: DOAJ Directory of Open Access Journals url: https://www.doaj.org/ sourceTypes: Open Website |
| DeliveryMethod | fulltext_linktorsrc |
| EISSN | 2519-173X |
| EndPage | 87 |
| ExternalDocumentID | oai_doaj_org_article_7aa7286eaf0943d48076f775ced7b7bc 10_46586_tosc_v2022_i1_64_87 |
| GroupedDBID | AAYXX ADBBV ALMA_UNASSIGNED_HOLDINGS BCNDV CITATION GROUPED_DOAJ |
| ID | FETCH-LOGICAL-c429t-caaa987c86ff3a9eb8f0dbb3f33307447778428408a1f3e490c9ef0e627c637b3 |
| IEDL.DBID | DOA |
| ISSN | 2519-173X |
| IngestDate | Wed Aug 27 01:00:51 EDT 2025 Tue Jul 01 03:41:35 EDT 2025 Thu Apr 24 23:10:26 EDT 2025 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 1 |
| Language | English |
| License | https://creativecommons.org/licenses/by/4.0 |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-c429t-caaa987c86ff3a9eb8f0dbb3f33307447778428408a1f3e490c9ef0e627c637b3 |
| OpenAccessLink | https://doaj.org/article/7aa7286eaf0943d48076f775ced7b7bc |
| PageCount | 24 |
| ParticipantIDs | doaj_primary_oai_doaj_org_article_7aa7286eaf0943d48076f775ced7b7bc crossref_citationtrail_10_46586_tosc_v2022_i1_64_87 crossref_primary_10_46586_tosc_v2022_i1_64_87 |
| ProviderPackageCode | CITATION AAYXX |
| PublicationCentury | 2000 |
| PublicationDate | 2022-03-11 |
| PublicationDateYYYYMMDD | 2022-03-11 |
| PublicationDate_xml | – month: 03 year: 2022 text: 2022-03-11 day: 11 |
| PublicationDecade | 2020 |
| PublicationTitle | IACR Transactions on Symmetric Cryptology |
| PublicationYear | 2022 |
| Publisher | Ruhr-Universität Bochum |
| Publisher_xml | – name: Ruhr-Universität Bochum |
| SSID | ssj0002893649 |
| Score | 2.3063524 |
| Snippet | The NIST Lightweight Cryptography project aims to standardize symmetric cryptographic designs, including authenticated encryption and hashing, suitable for... |
| SourceID | doaj crossref |
| SourceType | Open Website Enrichment Source Index Database |
| StartPage | 64 |
| Title | Bounds for the Security of Ascon against Differential and Linear Cryptanalysis |
| URI | https://doaj.org/article/7aa7286eaf0943d48076f775ced7b7bc |
| Volume | 2022 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwrV09T8MwELVQJxYEAkT5kgdWlyR2bGdsC1WFRBeo1M2yHRsVVWnVFCT-Pec4VNm6sFqObd35fPeUu3sIPUjwSvDqp8RkuSRMW7A5JnKiJefMG8p4Uz72OuPTOXtZ5IsO1VfICYvtgaPgHoXWIpPcaR9y4MpQAc29ELl1pTDC2PD6gs_rgKnP-PuMclbEWjnYL7AJrWs7-Aasnw2W6YAzErLoOr6o07K_8S2TU3TSBoV4GA9zho5cdY5mo8B4VGOIKjFEafitZZrDa4-HNcBYrD8A1tc7_NSSnICxrrCuSgwAEy4wHm9_NhD7xa4jF2g-eX4fT0nLfkAs-IgdsVrrQgorufdUF85In5TGUE8p2CVjQggJ2IElUqeeOlYktnA-cTwTllNh6CXqVevKXSHMmYF1kkg1DA7eOJZlOoxlVPPE9xH9k4OybWvwwFCxUgARGumpID3VSE8tU8WZkqKPyP6rTWyNcWD-KIh4Pzc0tm4GQN2qVbc6pO7r_1jkBh2Hk4VUsjS9Rb3d9svdQWyxM_fNNfoFAwnMDw |
| linkProvider | Directory of Open Access Journals |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Bounds+for+the+Security+of+Ascon+against+Differential+and+Linear+Cryptanalysis&rft.jtitle=IACR+Transactions+on+Symmetric+Cryptology&rft.au=Johannes+Erlacher&rft.au=Florian+Mendel&rft.au=Maria+Eichlseder&rft.date=2022-03-11&rft.pub=Ruhr-Universit%C3%A4t+Bochum&rft.eissn=2519-173X&rft.volume=2022&rft.issue=1&rft_id=info:doi/10.46586%2Ftosc.v2022.i1.64-87&rft.externalDBID=DOA&rft.externalDocID=oai_doaj_org_article_7aa7286eaf0943d48076f775ced7b7bc |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=2519-173X&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=2519-173X&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=2519-173X&client=summon |