2022
DOI: 10.46586/tosc.v2022.i3.303-340
|View full text |Cite
|
Sign up to set email alerts
|

Towards Tight Differential Bounds of Ascon

Abstract: Being one of the winners of the CAESAR competition and a finalist of the ongoing NIST lightweight cryptography competition, the authenticated encryption with associated data algorithm Ascon has withstood extensive security evaluation. Despite the substantial cryptanalysis, the tightness on Ascon’s differential bounds is still not well-understood until very recently, at ToSC 2022, Erlacher et al. have proven lower bounds (not tight) on the number of differential and linear active Sboxes for 4 and 6 rounds. Howe… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1

Citation Types

0
2
0

Year Published

2023
2023
2024
2024

Publication Types

Select...
3
2

Relationship

1
4

Authors

Journals

citations
Cited by 7 publications
(2 citation statements)
references
References 9 publications
0
2
0
Order By: Relevance
“…To generate these states, we use the tree traversal technique and we make use of the two-level tree search as well as canonicity and a score function, both defined in [18]. We further use Satisfiability Modulo Theories (SMT) and Mixed-Integer Linear Programming (MILP) in a hybrid manner [28] to obtain bounds on the differential and linear trails. We then discuss our results in Table 5.…”
Section: Trail Search and Boundsmentioning
confidence: 99%
See 1 more Smart Citation
“…To generate these states, we use the tree traversal technique and we make use of the two-level tree search as well as canonicity and a score function, both defined in [18]. We further use Satisfiability Modulo Theories (SMT) and Mixed-Integer Linear Programming (MILP) in a hybrid manner [28] to obtain bounds on the differential and linear trails. We then discuss our results in Table 5.…”
Section: Trail Search and Boundsmentioning
confidence: 99%
“…Moreover, they do not lend themselves to easy proofs for strong lower bounds on the number of active S-boxes over 4 or more rounds. Still, with computer-aided techniques, strong bounds have been achieved for Keccak-f [30], Xoodoo [14] and Ascon-p [18,28].…”
Section: Introductionmentioning
confidence: 99%