New models for the cryptanalysis of ASCON

IF 1.4 2区数学 Q3 COMPUTER SCIENCE, THEORY & METHODS

Designs, Codes and Cryptography Pub Date : 2025-02-08 DOI:10.1007/s10623-025-01572-5

Mathieu Degré, Patrick Derbez, Lucie Lahaye, André Schrottenloher

{"title":"New models for the cryptanalysis of ASCON","authors":"Mathieu Degré, Patrick Derbez, Lucie Lahaye, André Schrottenloher","doi":"10.1007/s10623-025-01572-5","DOIUrl":null,"url":null,"abstract":"<p>This paper focuses on the cryptanalysis of the ASCON family using automatic tools. We analyze two different problems with the goal to obtain new modelings, both simpler and less computationally heavy than previous works (all our models require only a small amount of code and run on regular desktop computers). The first problem is the search for Meet-in-the-middle attacks on reduced-round ASCON–XOF. Starting from the MILP modeling of Qin et al. (Meet-in-the-middle preimage attacks on sponge-based hashing. In: EUROCRYPT (4). Lecture notes in computer science, vol 14007. Springer, pp. 158–188, 2023. https://doi.org/10.1007/978-3-031-30634-1_6), we rephrase the problem in SAT, which accelerates significantly the solving time and removes the need for the “weak diffusion structure” heuristic. This allows us to reduce the memory complexity of Qin et al.’s attacks and to prove some optimality results. The second problem is the search for lower bounds on the probability of differential characteristics for the ASCON permutation. We introduce a lossy MILP encoding of the propagation rules based on the Hamming weight, in order to find quickly lower bounds which are comparable to the state of the art. We find a small improvement over the existing bound on 7 rounds.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"47 1","pages":""},"PeriodicalIF":1.4000,"publicationDate":"2025-02-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Designs, Codes and Cryptography","FirstCategoryId":"100","ListUrlMain":"https://doi.org/10.1007/s10623-025-01572-5","RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

Abstract

This paper focuses on the cryptanalysis of the ASCON family using automatic tools. We analyze two different problems with the goal to obtain new modelings, both simpler and less computationally heavy than previous works (all our models require only a small amount of code and run on regular desktop computers). The first problem is the search for Meet-in-the-middle attacks on reduced-round ASCON–XOF. Starting from the MILP modeling of Qin et al. (Meet-in-the-middle preimage attacks on sponge-based hashing. In: EUROCRYPT (4). Lecture notes in computer science, vol 14007. Springer, pp. 158–188, 2023. https://doi.org/10.1007/978-3-031-30634-1_6), we rephrase the problem in SAT, which accelerates significantly the solving time and removes the need for the “weak diffusion structure” heuristic. This allows us to reduce the memory complexity of Qin et al.’s attacks and to prove some optimality results. The second problem is the search for lower bounds on the probability of differential characteristics for the ASCON permutation. We introduce a lossy MILP encoding of the propagation rules based on the Hamming weight, in order to find quickly lower bounds which are comparable to the state of the art. We find a small improvement over the existing bound on 7 rounds.

查看原文本刊更多论文

ASCON密码分析的新模型

本文主要研究使用自动工具对ASCON系列进行密码分析。我们分析了两个不同的问题，目的是获得新的模型，比以前的工作更简单，计算量更少（我们所有的模型只需要少量的代码，并在普通的台式计算机上运行）。第一个问题是寻找针对减少回合ASCON-XOF的中间相遇攻击。从Qin等人基于海绵哈希的中间相遇预像攻击的MILP建模开始。在：EUROCRYPT(4).讲座笔记在计算机科学，卷14007。《中国科学》，第158-188页，2023。https://doi.org/10.1007/978-3-031-30634-1_6)，我们在SAT中重新表述了这个问题，这大大加快了求解时间，并且消除了对“弱扩散结构”启发式的需要。这使我们能够降低秦等人攻击的内存复杂度，并证明一些最优性结果。第二个问题是寻找ASCON排列的微分特征概率的下界。我们引入了一种基于Hamming权值的传播规则的有损MILP编码，以便快速找到与当前技术水平相当的下界。我们发现在现有的7轮界上有一个小的改进。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Designs, Codes and Cryptography 工程技术-计算机：理论方法

CiteScore

2.80

自引率

12.50%

发文量

157

审稿时长

16.5 months

期刊介绍： Designs, Codes and Cryptography is an archival peer-reviewed technical journal publishing original research papers in the designated areas. There is a great deal of activity in design theory, coding theory and cryptography, including a substantial amount of research which brings together more than one of the subjects. While many journals exist for each of the individual areas, few encourage the interaction of the disciplines. The journal was founded to meet the needs of mathematicians, engineers and computer scientists working in these areas, whose interests extend beyond the bounds of any one of the individual disciplines. The journal provides a forum for high quality research in its three areas, with papers touching more than one of the areas especially welcome. The journal also considers high quality submissions in the closely related areas of finite fields and finite geometries, which provide important tools for both the construction and the actual application of designs, codes and cryptographic systems. In particular, it includes (mostly theoretical) papers on computational aspects of finite fields. It also considers topics in sequence design, which frequently admit equivalent formulations in the journal’s main areas. Designs, Codes and Cryptography is mathematically oriented, emphasizing the algebraic and geometric aspects of the areas it covers. The journal considers high quality papers of both a theoretical and a practical nature, provided they contain a substantial amount of mathematics.