Ascon

Publications

Journal of Cryptology publication:

Christoph Dobraunig, Maria Eichlseder, Florian Mendel, Martin Schläffer. Ascon v1.2: Lightweight Authenticated Encryption and Hashing. Journal of Cryptology 34(3), 33 (2021) [bib|doi]

Design rationale and designers’ results on Ascon’s security (NIST submission):

Christoph Dobraunig, Maria Eichlseder, Florian Mendel, Martin Schläffer. Ascon v1.2. Submission to the NIST Lightweight Cryptography competition (2019) [nist|web]

Design rationale and designers’ results on Ascon’s security (CAESAR submission):

Christoph Dobraunig, Maria Eichlseder, Florian Mendel, Martin Schläffer. Ascon v1.2. Submission to Round 3 of the CAESAR competition (2016) [caesar|web]


Ascon permutation

Proving bounds beyond 2^-128 for linear and differential characteristics of the 6-round Ascon permutation:

Solane El Hirch, Silvia Mella, Alireza Mehrdad, Joan Daemen. Improved Differential and Linear Trail Bounds for ASCON. IACR Trans. Symmetric Cryptol. 2022(4), 145–178. See also: IACR Cryptology ePrint Archive 2022/1377 (2022) [bib|doi|eprint]

Identifying sets of keys for which the cube-based attacks on 7R are more efficient:

Raghvendra Rohit, Santanu Sarkar. Diving Deep into the Weak Keys of Round Reduced Ascon. IACR Transactions on Symmetric Cryptology 2021(4), 74–99. See also: IACR Cryptology ePrint Archive 2021/1556 (2021) [bib|doi|eprint]

Limited-birthday distinguishers up to 7R, forgeries up to 4R Ascon-128, collisions for 2R Ascon-Hash:

David Gérault, Thomas Peyrin, Quan Quan Tan. Exploring Differential-Based Distinguishers and Forgeries for ASCON. IACR Transactions on Symmetric Cryptology 2021(3), 102–136. See also: IACR Cryptology ePrint Archive 2021/1103 (2021) [bib|doi|eprint]

Optimized cube-based attacks on 7R using at most 2^64 data:

Raghvendra Rohit, Kai Hu, Sumanta Sarkar, Siwei Sun. Misuse-Free Key-Recovery and Distinguishing Attacks on 7-Round Ascon. IACR Transactions on Symmetric Cryptology 2021(1), 130–155. See also: IACR Cryptology ePrint Archive 2021/194 (2021) [bib|doi|eprint]

MILP model of the DDT of Ascon’s S-box:

Aleksei Udovenko. MILP modeling of Boolean functions by minimum number of inequalities. IACR Cryptology ePrint Archive 2021/1099 (2021) [bib|eprint]

Differential-linear attacks up to 5R of the permutation:

Meicheng Liu, Xiaojuan Lu, Dongdai Lin. Differential-Linear Cryptanalysis from an Algebraic Perspective. CRYPTO 2021 (2021) [bib|doi]

Improved distinguishers using the bit-based division property for 5R Ascon permutation:

Shibam Ghosh, Orr Dunkelman. Automatic Search for Bit-Based Division Property. LATINCRYPT 2021. See also: IACR Cryptology ePrint Archive 2021/965 (2021) [bib|doi|eprint]

Improved complexity of 4R and 5R differential-linear attacks:

Cihangir Tezcan. Analysis of Ascon, DryGASCON, and Shamash Permutations [bib|eprint]

Cycle properties of Ascon’s linear layer:

Guoqiang Deng, Yongzhuang Wei, Xuefeng Duan, Enes Pasalic, Samir Hodzic. Specifying cycles of minimal length for commonly used linear layers in block ciphers. IACR Cryptology ePrint Archive 2020/1163 (2020) [bib|eprint]

Integral distinguishers for the round-reduced inverse Ascon permutation:

Hailun Yan, Xuejia Lai, Lei Wang, Yu Yu, Yiran Xing. New zero-sum distinguishers on full 24-round Keccak-f using the division property. IET Information Security 13(5), 469–478 (2019) [bib|doi]

Improved 4-round differential-linear analysis and subspace trails:

Cihangir Tezcan. Distinguishers for Reduced Round Ascon, DryGASCON, and Shamash Permutations. NIST Lightweight Cryptography Workshop 2019 (2019) [web]

Collisions for Ascon-Hash reduced to 2 rounds with complexity 2^125:

Rui Zong, Xiaoyang Dong, Xiaoyun Wang. Collision Attacks on Round-Reduced Gimli-Hash/Ascon-Xof/Ascon-Hash. IACR Cryptology ePrint Archive 2019/1115 (2019) [bib|eprint]

Designers’ analysis of Ascon’s hash and extendable output functions:

Christoph Dobraunig, Maria Eichlseder, Florian Mendel, Martin Schläffer. Preliminary Analysis of Ascon-Xof and Ascon-Hash (version 0.1). Preprint (2019) [web]

Detailed analysis of differential-linear attack on 5 rounds:

Achiya Bar-On, Orr Dunkelman, Nathan Keller, Ariel Weizman. DLCT: A New Tool for Differential-Linear Cryptanalysis. EUROCRYPT 2019. See also: IACR Cryptology ePrint Archive 2019/256 (2019) [eprint]

No good subspace trails exist for Ascon:

Gregor Leander, Cihangir Tezcan, Friedrich Wiemer. Searching for Subspace Trails and Truncated Differentials. IACR Transactions on Symmetric Cryptology 2018(1), 74–100 (2018) [bib|doi]

Cube-like key-recovery attack on 7-round Ascon in 2^103.9 time:

Zheng Li, Xiaoyang Dong, Xiaoyun Wang. Conditional Cube Attack on Round-Reduced ASCON. IACR Transactions on Symmetric Cryptology 2017(1), 175–202. See also: IACR Cryptology ePrint Archive 2017/160 (2017) [bib|doi|eprint|web]

Cube-like attacks in a nonce-misuse setting:

Yanbin Li, Guoyan Zhang, Wei Wang, Meiqin Wang. Cryptanalysis of round-reduced ASCON. Science China Information Sciences 60(3), 038102 (2017) [bib|doi]

Security of Ascon against state-recovery attacks:

Ashutosh Dhar Dwivedi, Miloš Klouček, Pawel Morawiecki, Ivica Nikolič, Josef Pieprzyk, Sebastian Wójtowicz. SAT-based Cryptanalysis of Authenticated Ciphers from the CAESAR Competition. IACR Cryptology ePrint Archive 2016/1053 (2017) [bib|doi|eprint]

Differential distinguishers based on undisturbed bits for 5 rounds with 2^109 data:

Cihangir Tezcan. Truncated, Impossible, and Improbable Differential Analysis of Ascon. ICISSP 2016. See also: IACR Cryptology ePrint Archive 2016/490 (2016) [bib|doi|eprint]

Security of Ascon’s S-box against division property attacks:

Faruk Göloglu, Vincent Rijmen, Qingju Wang. On the division property of S-boxes. IACR Cryptology ePrint Archive 2016/188 (2016) [bib|eprint]

Linear characteristic for 5 rounds with 67 active S-boxes, bias 2^-94:

Christoph Dobraunig, Maria Eichlseder, Florian Mendel. Heuristic Tool for Linear Cryptanalysis with Applications to CAESAR Candidates. ASIACRYPT 2015. See also: IACR Cryptology ePrint Archive 2015/1200 (2015) [bib|doi|eprint]

Integral distinguishers for 5 to 11 rounds, e.g., 2^65 texts for 7 rounds:

Yosuke Todo. Structural Evaluation by Generalized Integral Property. EUROCRYPT 2015. See also: IACR Cryptology ePrint Archive 2015/090 (2015) [bib|doi|eprint]

Linear, differential, cube-like attacks (key recovery: 6 rounds, permutation distinguisher):

Christoph Dobraunig, Maria Eichlseder, Florian Mendel, Martin Schläffer. Cryptanalysis of Ascon. CT-RSA 2015. See also: IACR Cryptology ePrint Archive 2015/030 (2015) [bib|doi|eprint]


Ascon mode

Efficient modes of operation for standalone message authentication for short and arbitrary-length messages:

Christoph Dobraunig, Maria Eichlseder, Florian Mendel, Martin Schläffer. Ascon PRF, MAC, and Short-Input MAC [bib|eprint]

Leakage security of Ascon:

Chun Guo, Olivier Pereira, Thomas Peters, François-Xavier Standaert. Towards Lighter Leakage-resilient Authenticated Encryption from the Duplex Construction. IACR Cryptology ePrint Archive 2019/193 (2019) [bib|eprint]

Comparison of Ascon’s misuse resistance with other Round-3 CAESAR candidates:

Serge Vaudenay, Damian Vizár. Can Caesar Beat Galois? – Robustness of CAESAR Candidates Against Nonce Reusing and High Data Complexity Attacks. ACNS 2018. See also: IACR Cryptology ePrint Archive 2017/1147 (2018) [bib|doi|eprint]

Ascon’s mode supports secure implementations on limited-memory devices:

Megha Agrawal, Donghoon Chang, Somitra Sanadhya. sp-AELM: Sponge Based Authenticated Encryption Scheme for Memory Constrained Devices. ACISP 2015 (2015) [bib|doi]

Suggestions to absorb authenticated data more efficiently:

Yu Sasaki, Kan Yasuda. How to Incorporate Associated Data in Sponge-Based Authenticated Encryption. CT-RSA 2015 (2015) [bib|doi]

Security proof for Ascon’s sponge mode even for higher rates:

Philipp Jovanovic, Atul Luykx, Bart Mennink. Beyond 2^(c/2) Security in Sponge-Based Authenticated Encryption Modes. ASIACRYPT 2014. See also: IACR Cryptology ePrint Archive 2014/373 (2014) [bib|doi|eprint]

Security analysis and bounds for the full-state keyed duplex with application to Ascon-128 and Ascon-128a:

Joan Daemen, Bart Mennink, Gilles Van Assche. Full-State Keyed Duplex with Built-In Multi-user Support. ASIACRYPT 2017. See also: IACR Cryptology ePrint Archive 2017/498 (2017) [bib|doi|eprint]

Analysis of the reforgeability of Ascon, i.e., the cost of obtaining multiple forgeries:

Christian Forler, Eik List, Stefan Lucks, Jakob Wenzel. Reforgeability of Authenticated Encryption Schemes. ACISP 2017. See also: IACR Cryptology ePrint Archive 2017/332 (2017) [bib|doi|eprint]
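Several entries above are easier to follow with the primitive in hand: the S-box results in the permutation section (Udovenko’s DDT model, Tezcan’s undisturbed-bit differentials, the designers’ 2^-2 differential bound for a single S-box) and the mode results in this section (the Vaudenay–Vizár nonce-reuse comparison, the duplex proofs). The code below is an added example written by the editor of this page from the public Ascon v1.2 specification; it is not the designers’ reference code and was not part of the original list. The S-box, round constants, rotation offsets and the Ascon-128 initialization vector are taken from the specification and do not appear on this page; the key, nonce and messages used in the checks are constructed here. It implements the permutation, reuses the same bitsliced S-box to build the difference distribution table and list undisturbed bits, and then implements Ascon-128 encryption and decryption together with a nonce-reuse check:

```python
"""Ascon v1.2 permutation and Ascon-128 AEAD (editor's example after the public spec, not the reference code)."""
import hmac

MASK64 = (1 << 64) - 1
ROUND_CONSTANTS = [0xF0, 0xE1, 0xD2, 0xC3, 0xB4, 0xA5, 0x96, 0x87, 0x78, 0x69, 0x5A, 0x4B]
ROTATIONS = [(19, 28), (61, 39), (1, 6), (10, 17), (7, 41)]  # linear layer, lanes x0..x4
IV_ASCON128 = 0x80400C0600000000  # k=128, r=64, a=12, b=6, zero-padded to 64 bits

def rotr(x, n):
    return ((x >> n) | (x << (64 - n))) & MASK64

def sbox_layer(s, mask=MASK64):
    """5-bit S-box in bitsliced form over the five lanes; with mask=1 the same code
    evaluates the S-box on a single 5-bit value (see sbox5)."""
    x0, x1, x2, x3, x4 = s
    x0 ^= x4; x4 ^= x3; x2 ^= x1
    t0, t1, t2, t3, t4 = ~x0 & x1, ~x1 & x2, ~x2 & x3, ~x3 & x4, ~x4 & x0
    x0 ^= t1; x1 ^= t2; x2 ^= t3; x3 ^= t4; x4 ^= t0
    x1 ^= x0; x0 ^= x4; x3 ^= x2; x2 = ~x2
    return [x & mask for x in (x0, x1, x2, x3, x4)]

def permutation(s, rounds):
    """p^rounds applies the last `rounds` of the 12 rounds, so p^6 starts at constant 0x96."""
    for r in range(12 - rounds, 12):
        s[2] ^= ROUND_CONSTANTS[r]
        s = sbox_layer(s)
        s = [x ^ rotr(x, a) ^ rotr(x, b) for x, (a, b) in zip(s, ROTATIONS)]
    return s

def sbox5(v):
    """S-box on a 5-bit integer; bit 4 of v is lane x0, bit 0 is lane x4."""
    out = sbox_layer([(v >> (4 - i)) & 1 for i in range(5)], mask=1)
    return sum(b << (4 - i) for i, b in enumerate(out))

def ddt_row(a):
    """Row a of the DDT, #{x : S(x) ^ S(x ^ a) = b} per b; the largest entry over a != 0 is 8 (probability 2^-2)."""
    return [sum(sbox5(x) ^ sbox5(x ^ a) == b for x in range(32)) for b in range(32)]

def undisturbed_bits(a):
    """Output-difference bits fixed with probability 1 for input difference a: (mask of fixed positions, values)."""
    ones = zeros = 31
    for b, count in enumerate(ddt_row(a)):
        if count:
            ones, zeros = ones & b, zeros & ~b & 31
    return ones | zeros, ones

def _pad(data):
    return data + b"\x80" + b"\x00" * (7 - len(data) % 8)  # 10* padding to the 8-byte rate

def _initialize(key, nonce):
    k0, k1 = int.from_bytes(key[:8], "big"), int.from_bytes(key[8:], "big")
    s = [IV_ASCON128, k0, k1, int.from_bytes(nonce[:8], "big"), int.from_bytes(nonce[8:], "big")]
    s = permutation(s, 12)
    s[3] ^= k0; s[4] ^= k1
    return s

def _absorb_ad(s, ad):
    if ad:
        padded = _pad(ad)
        for i in range(0, len(padded), 8):
            s[0] ^= int.from_bytes(padded[i:i + 8], "big")
            s = permutation(s, 6)
    s[4] ^= 1  # domain separation between associated data and plaintext
    return s

def _finalize(s, key):
    k0, k1 = int.from_bytes(key[:8], "big"), int.from_bytes(key[8:], "big")
    s[1] ^= k0; s[2] ^= k1
    s = permutation(s, 12)
    return ((s[3] ^ k0) << 64 | (s[4] ^ k1)).to_bytes(16, "big")

def encrypt(key, nonce, ad, pt):
    """Returns ciphertext || 16-byte tag; key and nonce are 16 bytes each."""
    s = _absorb_ad(_initialize(key, nonce), ad)
    padded, ct = _pad(pt), b""
    for i in range(0, len(padded), 8):
        s[0] ^= int.from_bytes(padded[i:i + 8], "big")  # duplex: the new rate part is the ciphertext
        ct += s[0].to_bytes(8, "big")
        if i + 8 < len(padded):
            s = permutation(s, 6)
    return ct[:len(pt)] + _finalize(s, key)

def decrypt(key, nonce, ad, ct_and_tag):
    """Plaintext, or None when the tag fails (short inputs fail too); nothing leaves before that check."""
    ct, tag = ct_and_tag[:-16], ct_and_tag[-16:]
    s = _absorb_ad(_initialize(key, nonce), ad)
    pt, full = b"", len(ct) // 8
    for i in range(full):
        c = int.from_bytes(ct[8 * i:8 * i + 8], "big")
        pt += (s[0] ^ c).to_bytes(8, "big")
        s[0] = c
        s = permutation(s, 6)
    last = bytes(a ^ b for a, b in zip(ct[8 * full:], s[0].to_bytes(8, "big")))
    s[0] ^= int.from_bytes(_pad(last), "big")  # re-apply the 10* padding the encryptor used
    return pt + last if hmac.compare_digest(_finalize(s, key), tag) else None

def nonce_reuse_leak(key, nonce, pt1, pt2):
    """Repeating (key, nonce, AD) repeats the first-block keystream: for plaintexts of at most 8 bytes, C1 ^ C2 = P1 ^ P2."""
    c1 = encrypt(key, nonce, b"", pt1)[:len(pt1)]
    c2 = encrypt(key, nonce, b"", pt2)[:len(pt2)]
    return bytes(a ^ b for a, b in zip(c1, c2))
```

Before relying on `encrypt` anywhere, check it against the designers’ known-answer file for Ascon-128 v1.2; the code is for study and makes no attempt at constant-time execution. `decrypt` releases nothing before the tag check. `nonce_reuse_leak` shows the duplex property behind the nonce-misuse comparison above: because every plaintext block is fed back into the state, a repeated nonce exposes P1 ^ P2 only for the blocks up to and including the first block that differs, but the first block is always exposed, with no knowledge of the key.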


Ascon implementation

Siemen Dhooghe. Analyzing Masked Ciphers Against Transition and Coupling Effects. IACR Cryptology ePrint Archive 2021/1095 (2021) [bib|eprint]

Michael Tempelmeier, Fabrizio De Santis, Georg Sigl, Jens-Peter Kaps. The CAESAR-API in the real world – Towards a fair evaluation of hardware CAESAR candidates. HOST 2018 (2018) [bib|doi]

Noël Bangma. Ascon: An attempt in NEON on the Cortex-A8. Bachelor’s Thesis (2018) [web]

Alexandre Adomnicai, Jacques J. A. Fournier, Laurent Masson. Masking the Lightweight Authenticated Ciphers ACORN and Ascon in Software. IACR Cryptology ePrint Archive 2018/708 (2018) [bib|eprint]

Hannes Gross, Rinat Iusupov, Roderick Bloem. Generic Low-Latency Masking in Hardware. IACR Transactions on Cryptographic Hardware and Embedded Systems 2018(2), 1–21. See also: IACR Cryptology ePrint Archive 2017/1223 (2018) [bib|doi|eprint]

Niels Samwel, Joan Daemen. DPA on hardware implementations of Ascon and Keyak. CF 2017 (2017) [bib|doi]

Hannes Groß, Erich Wenger, Christoph Dobraunig, Christoph Ehrenhöfer. Ascon hardware implementations and side-channel evaluation. Microprocessors and Microsystems 52, 470–479 (2017) [bib|doi]

Rajesh Kumar Pal. Implementation and Evaluation of Authenticated Encryption Algorithms on Java Card Platform. Master’s Thesis (2017) [web|git]

Hannes Gross, Stefan Mangard. Reconciling d+1 Masking in Hardware and Software. CHES 2017. See also: IACR Cryptology ePrint Archive 2017/103 (2017) [bib|eprint]

Ralph Ankele, Robin Ankele. Software Benchmarking of the 2nd round CAESAR Candidates. IACR Cryptology ePrint Archive 2016/740 (2016) [bib|eprint]

Ko Stoffelen. Optimizing S-Box Implementations for Several Criteria Using SAT Solvers. FSE 2016. See also: IACR Cryptology ePrint Archive 2016/198 (2016) [bib|doi|eprint]

Liran Lerman, Olivier Markowitch, Nikita Veshchikov. Comparing Sboxes of Ciphers from the Perspective of Side-Channel Attacks. AsianHOST 2016. See also: IACR Cryptology ePrint Archive 2016/993 (2016) [bib|doi|eprint]

Niels Samwel. Side-Channel Analysis of Keccak and Ascon. Master’s Thesis (2016) [web]

Michael Fivez. Energy Efficient Hardware Implementations of CAESAR Submissions. Master’s Thesis (2016) [web|git]

Hannes Groß, Erich Wenger, Christoph Dobraunig, Christoph Ehrenhöfer. Suit up! – Made-to-Measure Hardware Implementations of Ascon. DSD 2015. See also: IACR Cryptology ePrint Archive 2015/034 (2015) [bib|doi|eprint]