International Association for Cryptologic Research

CryptoDB

Improved Conditional Cube Attacks on Ascon AEADs in Nonce-Respecting Settings: with a Break-Fix Strategy

Authors:
Kai Hu
DOI: 10.46586/tosc.v2024.i2.118-140
URL: https://tosc.iacr.org/index.php/ToSC/article/view/11623
Abstract: The best-known distinguisher on 7-round Ascon-128 and Ascon-128a AEAD uses a 60-dimensional cube in which the nonce bits are set to be equal in the third and fourth rows of the Ascon state during initialization (Rohit et al., ToSC 2021/1). It was not known how to use this distinguisher to mount key-recovery attacks. In this paper, we investigate this problem using a new strategy for the conditional cube attack, which we call break-fix. The idea is to introduce slightly modified cubes that increase the degrees of the 7-round output bits to more than 59 (break phase), and then to find key conditions that bring the degree back down to 59 (fix phase). Using this idea, key-recovery attacks on 7-round Ascon-128, Ascon-128a and Ascon-80pq are proposed. The attacks have better time/memory complexities than the existing attacks, and in some cases improve the weak-key attacks as well.
BibTeX
@article{tosc-2024-34378,
  title={Improved Conditional Cube Attacks on Ascon AEADs in Nonce-Respecting Settings: with a Break-Fix Strategy},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={2024 No. 2},
  pages={118-140},
  url={https://tosc.iacr.org/index.php/ToSC/article/view/11623},
  doi={10.46586/tosc.v2024.i2.118-140},
  author={Kai Hu},
  year=2024
}