Ascon

Analysis

Design rationale and designers’ results on Ascon’s security:

Christoph Dobraunig, Maria Eichlseder, Florian Mendel, Martin Schläffer. Ascon v1.2. Submission to Round 3 of the CAESAR competition (2016) [caesar|web]


Ascon permutation

Cube-like key-recovery attack on 7-round Ascon in 2103.9 time:

Zheng Li, Xiaoyang Dong, Xiaoyun Wang. Conditional Cube Attack on Round-Reduced ASCON. IACR Transactions on Symmetric Cryptology 2017(1), 175–202. See also: IACR Cryptology ePrint Archive 2017/160 (2017) [doi|eprint|web]

Cube-like attacks in a nonce-misuse setting:

Yanbin Li, Guoyan Zhang, Wei Wang, Meiqin Wang. Cryptanalysis of round-reduced ASCON. Science China Information Sciences 60(3), 038102 (2016) [doi]

Security of Ascon against state-recovery attacks:

Ashutosh Dhar Dwivedi, Miloš Klouček, Pawel Morawiecki, Ivica Nikolić, Josef Pieprzyk, Sebastian Wójtowicz. SAT-based Cryptanalysis of Authenticated Ciphers from the CAESAR Competition. IACR Cryptology ePrint Archive 2016/1053 (2016) [bib|eprint]

Differential distinguishers based on undisturbed bits for 5 rounds with 2109 data:

Cihangir Tezcan. Truncated, Impossible, and Improbable Differential Analysis of Ascon. ICISSP 2016. See also: IACR Cryptology ePrint Archive 2016/490 (2016) [bib|doi|eprint]

Security of Ascon’s S-box against division property attacks:

Faruk Göloglu, Vincent Rijmen, Qingju Wang. On the division property of S-boxes. IACR Cryptology ePrint Archive 2016/188 (2016) [bib|eprint]

Linear characteristic for 5 rounds with 67 active S-boxes, bias 2−94:

Christoph Dobraunig, Maria Eichlseder, Florian Mendel. Heuristic Tool for Linear Cryptanalysis with Applications to CAESAR Candidates. ASIACRYPT 2015. See also: IACR Cryptology ePrint Archive 2015/1200 (2015) [bib|doi|eprint]

Integral distinguishers for 5 to 11 rounds, e.g., 265 texts for 7 rounds:

Yosuke Todo. Structural Evaluation by Generalized Integral Property. EUROCRYPT 2015. See also: IACR Cryptology ePrint Archive 2015/090 (2015) [bib|doi|eprint]

Linear, differential, cube-like attacks (key recovery: 6 rounds, permutation distinguisher):

Christoph Dobraunig, Maria Eichlseder, Florian Mendel, Martin Schläffer. Cryptanalysis of Ascon. CT-RSA 2015. See also: IACR Cryptology ePrint Archive 2015/030 (2015) [bib|doi|eprint]


Ascon mode

Ascon’s mode supports secure implementations on limited-memory devices:

Megha Agrawal, Donghoon Chang, Somitra Sanadhya. sp-AELM: Sponge Based Authenticated Encryption Scheme for Memory Constrained Devices. Information Security and Privacy – ACISP 2015 (2015) [bib|doi]

Suggestions to absorb authenticated data more efficiently:

Yu Sasaki, Kan Yasuda. How to Incorporate Associated Data in Sponge-Based Authenticated Encryption. CT-RSA 2015 (2015) [bib|doi]

Security proof for Ascon’s sponge mode even for higher rates:

Philipp Jovanovic, Atul Luykx, Bart Mennink. Beyond 2c∕2 Security in Sponge-Based Authenticated Encryption Modes. ASIACRYPT 2014. See also: IACR Cryptology ePrint Archive 2014/373 (2014) [bib|doi|eprint]


Ascon implementation

Hannes Gross, Stefan Mangard. Reconciling d+1 Masking in Hardware and Software. IACR Cryptology ePrint Archive 2017/103 (2017) [bib|eprint]

Ralph Ankele, Robin Ankele. Software Benchmarking of the 2nd round CAESAR Candidates. IACR Cryptology ePrint Archive 2016/740 (2016) [bib|eprint]

Ko Stoffelen. Optimizing S-Box Implementations for Several Criteria Using SAT Solvers. FSE 2016. See also: IACR Cryptology ePrint Archive 2016/198 (2016) [bib|doi|eprint]

Liran Lerman, Olivier Markowitch, Nikita Veshchikov. Comparing Sboxes of Ciphers from the Perspective of Side-Channel Attacks. IACR Cryptology ePrint Archive 2016/993 (2016) [bib|eprint]

Niels Samwel. Side-Channel Analysis of Keccak and Ascon. Master Thesis (2016) [web]

Michael Fivez. Energy Efficient Hardware Implementations of CAESAR Submissions. Master Thesis (2016) [web]

Hannes Groß, Erich Wenger, Christoph Dobraunig, Christoph Ehrenhöfer. Suit up! – Made-to-Measure Hardware Implementations of Ascon. DSD 2015. See also: IACR Cryptology ePrint Archive 2015/034 (2015) [bib|doi|eprint]