Chang, D.
, Kang, J.
and Sonmez Turan, M.
(2022),
A New Conditional Cube Attack on Reduced-Round Ascon-128a in a Nonce-misuse Setting, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934568 (Accessed April 25, 2026)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
A New Conditional Cube Attack on Reduced-Round Ascon-128a in a Nonce-misuse Setting
Published
Author(s)
, ,
Abstract
Ascon is one of the finalists of the National Institute of Standards and Technology (NIST) lightweight cryptography standardization process. In 2019, Ascon was also selected as the primary choice for lightweight authenticated encryption in the final portfolio of the CAESAR competition. The Ascon family includes three variants; Ascon-128 (primary), Ascon-128a, and Ascon-80pq. In this paper, we study the security of Ascon-128a in a nonce-misuse setting, and present new state and key recovery attacks on a reduced-round Ascon-128a in which the internal permutation for associated data and message processing is reduced from 8 to 7 rounds (the number of rounds for initialization and finalization remain unchanged). Our state-recovery attack requires $2^117}$ data and $2^118}$ time with negligible memory. After recovering the state, again in a nonce-misuse scenario, secret key can be recovered with additional $2^32}$ data, $2^97.6}$ time and $2^32}$ memory complexities. The presented attacks do not violate the security claims of the designers.Pub Type
Talks
Download Paper
Keywords
lightweight cryptography, Ascon, cube attacks
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created May 9, 2022, Updated November 29, 2022