Paper 2024/579

Tight Multi-user Security of Ascon and Its Large Key Extension

Bishwajit Chakraborty, Nanyang Technological University, Singapore
Chandranan Dhar, Indian Statistical Institute, Kolkata, India
Mridul Nandi, Indian Statistical Institute, Kolkata, India
Abstract

The Ascon cipher suite has recently become the preferred standard in the NIST Lightweight Cryptography standardization process. Despite its prominence, the initial dedicated security analysis for the Ascon mode was conducted quite recently. This analysis demonstrated that the Ascon AEAD mode offers superior security compared to the generic Duplex mode, but it was limited to a specific scenario: single-user nonce-respecting, with a capacity strictly larger than the key size. In this paper, we eliminate these constraints and provide a comprehensive security analysis of the Ascon AEAD mode in the multi-user setting, where the capacity need not be larger than the key size. Regarding data complexity $D$ and time complexity $T$, our analysis reveals that Ascon achieves AEAD security when $T$ is bounded by $\min\{2^{\kappa}/\mu, 2^c\}$ (where $\kappa$ is the key size, and $\mu$ is the number of users), and $DT$ is limited to $2^b$ (with $b$ denoting the size of the underlying permutation, set at 320 for Ascon). Our results align with NIST requirements, showing that Ascon allows for a tag size as small as 64 bits while supporting a higher rate of 192 bits, provided the number of users remains within recommended limits. However, this security becomes compromised as the number of users increases significantly. To address this issue, we propose a variant of the Ascon mode called LK-Ascon, which enables doubling the key size. This adjustment allows for a greater number of users without sacrificing security, while possibly offering additional resilience against quantum key recovery attacks. We establish tight bounds for LK-Ascon, and furthermore show that both Ascon and LK-Ascon maintain authenticity security even when facing nonce-misuse adversaries.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Major revision. ACISP 2024
Keywords
Ascon, large-key Ascon, tight security, multi-user, lightweight cryptography
Contact author(s)
bishwajit chakrabort @ ntu edu sg
chandranandhar @ gmail com
mridul nandi @ gmail com
History
2024-04-16: approved
2024-04-15: received
Short URL
https://ia.cr/2024/579
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/579,
      author = {Bishwajit Chakraborty and Chandranan Dhar and Mridul Nandi},
      title = {Tight Multi-user Security of Ascon and Its Large Key Extension},
      howpublished = {Cryptology ePrint Archive, Paper 2024/579},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/579}},
      url = {https://eprint.iacr.org/2024/579}
}