Paper 2024/371
Preimage Attacks on Reduced-Round Ascon-Xof
Abstract
Ascon, a family of algorithms that supports authenticated encryption and hashing, has been selected as the new standard for lightweight cryptography in the NIST Lightweight Cryptography Project. Ascon's permutation and authenticated encryption have been actively analyzed, but there are relatively few analyses of its hashing mode. In this paper, we concentrate on preimage attacks on Ascon-Xof. We focus on linearizing the polynomials leaked by the hash value in order to invert it. In an attack on 2-round Ascon-Xof, we carefully construct the set of guess bits using a greedy algorithm in the guess-and-determine setting. This allows us to attack Ascon-Xof more efficiently than the method of Dobraunig et al., and we fully implement our attack to demonstrate its effectiveness. We also give the number of guess bits required to linearize one output bit after 3 and 4 rounds of Ascon's permutation, respectively. In particular, for the first time, we connect the 3-round result to a preimage attack on Ascon-Xof with a 64-bit output. Our attacks primarily target weakened versions of Ascon-Xof, where the weakening consists of setting all IV values to 0 and omitting the round constants. Although our attacks do not compromise the security of the full Ascon-Xof, they provide new insights into its security.
Metadata
- Available format(s)
- Category
- Attacks and cryptanalysis
- Publication info
- Published elsewhere. Minor revision. Designs, Codes and Cryptography
- Keywords
- NIST, Ascon, Ascon-Xof, hash function, preimage attack
- Contact author(s)
- hellosj3 @ kookmin ac kr
- gi0412 @ kookmin ac kr
- jskim @ kookmin ac kr
- History
- 2024-03-01: approved
- 2024-02-29: received
- See all versions
- Short URL
- https://ia.cr/2024/371
- License
- CC BY
BibTeX
@misc{cryptoeprint:2024/371,
  author = {Seungjun Baek and Giyoon Kim and Jongsung Kim},
  title = {Preimage Attacks on Reduced-Round Ascon-Xof},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/371},
  year = {2024},
  url = {https://eprint.iacr.org/2024/371}
}