2015 | OriginalPaper | Book chapter
Cryptanalysis of Ascon
Written by: Christoph Dobraunig, Maria Eichlseder, Florian Mendel, Martin Schläffer
Published in: Topics in Cryptology – CT-RSA 2015
We present a detailed security analysis of the CAESAR candidate Ascon. Amongst others, cube-like, differential and linear cryptanalysis are used to evaluate the security of Ascon. Our results are practical key-recovery attacks on round-reduced versions of Ascon-128, where the initialization is reduced to 5 out of 12 rounds. Theoretical key-recovery attacks are possible for up to 6 rounds of initialization. Moreover, we present a practical forgery attack for 3 rounds of the finalization, a theoretical forgery attack for 4 rounds finalization and zero-sum distinguishers for the full 12-round Ascon permutation. Besides, we present the first results regarding linear cryptanalysis of Ascon, improve upon the results of the designers regarding differential cryptanalysis, and prove bounds on the minimum number of (linearly and differentially) active S-boxes for the Ascon permutation.