Paper 2024/743

Improved Conditional Cube Attacks on Ascon AEADs in Nonce-Respecting Settings -- with a Break-Fix Strategy

Kai Hu, Shandong University, Nanyang Technological University
Abstract

The best-known distinguisher on 7-round Ascon-128 and Ascon-128a AEAD uses a 60-dimensional cube where the nonce bits are set to be equal in the third and fourth rows of the Ascon state during initialization (Rohit et al. ToSC 2021/1). It was not known how to use this distinguisher to mount key-recovery attacks. In this paper, we investigate this problem using a new strategy called break-fix for the conditional cube attack. The idea is to introduce slightly-modified cubes which increase the degrees of 7-round output bits to be more than 59 (break phase) and then find key conditions which can bring the degree back to 59 (fix phase). Using this idea, key-recovery attacks on 7-round Ascon-128, Ascon-128a and Ascon-80pq are proposed. The attacks have better time/memory complexities than the existing attacks, and in some cases improve the weak-key attacks as well.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published by the IACR in TOSC 2024
Keywords
Ascon · AEAD · Conditional Cube Attack
Contact author(s)
kai hu @ sdu edu cn
History
2024-05-16: approved
2024-05-15: received
Short URL
https://ia.cr/2024/743
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/743,
      author = {Kai Hu},
      title = {Improved Conditional Cube Attacks on Ascon {AEADs} in Nonce-Respecting Settings -- with a Break-Fix Strategy},
      howpublished = {Cryptology ePrint Archive, Paper 2024/743},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/743}},
      url = {https://eprint.iacr.org/2024/743}
}