Abstract
Automated methods have become crucial components when searching for distinguishers against symmetric-key cryptographic primitives. While MILP and SAT solvers are among the most popular tools to model ciphers and perform cryptanalysis, other methods with different performance profiles are appearing. In this article, we explore the use of Constraint Programming (CP) for differential cryptanalysis on the Ascon authenticated encryption family (first choice of the CAESAR lightweight applications portfolio and current finalist of the NIST LWC competition) and its internal permutation. We first present a search methodology for finding differential characteristics for Ascon with CP, which can easily find the best differential characteristics already reported by the Ascon designers. This shows the capability of CP in generating easily good differential results compared to dedicated search heuristics. Based on our tool, we also parametrize the search strategies in CP to generate other differential characteristics with the goal of forming limited-birthday distinguishers for 4, 5, 6 and 7 rounds and rectangle attacks for 4 and 5 rounds of the Ascon internal permutation. We propose a categorization of the distinguishers into black-box and non-black-box to better differentiate them as they are often useful in different contexts. We also obtained limited-birthday distinguishers which represent currently the best known distinguishers for 4, 5 and 6 rounds under the category of non-black-box distinguishers. Leveraging again our tool, we have generated forgery attacks against both reduced-rounds Ascon-128 and Ascon-128a, improving over the best reported results at the time of writing. Finally, using the best differential characteristic we have found for 2 rounds, we could also improve a recent attack on round-reduced Ascon-Hash.
Highlights
With the increasing need for a cryptographic primitive providing both encryption and authentication, so-called authenticated encryption (AE), as well as the rise of lightweight cryptography, the National Institute of Standards and Technology (NIST) decided to start a new cryptographic competition in 2019 for lightweight authenticated encryption [oST21]
We focus our attention on the differential cryptanalysis of the Ascon permutation
We have explored the use of Constraint Programming (CP) to model the Ascon permutation and used it to find good differential characteristics for various attack scenarios
Summary
We use the differential characteristics found by CP to construct black-box/non-black-box limited-birthday distinguishers and rectangle distinguishers for the Ascon permutation. Using a similar strategy as in [ZDW19] and a new differential characteristic with a higher probability, we could improve the attacks on Ascon-Hash (Ascon-Hasha) reduced to 2 rounds (see Table 1).
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call