[go: up one dir, main page]

Paper 2024/371

Preimage Attacks on Reduced-Round Ascon-Xof

Seungjun Baek, Kookmin University
Giyoon Kim, Kookmin University
Jongsung Kim, Kookmin University
Abstract

Ascon, a family of algorithms that supports authenticated encryption and hashing, has been selected as the new standard for lightweight cryptography in the NIST Lightweight Cryptography Project. Ascon’s permutation and authenticated encryption have been actively analyzed, but there are relatively few analyses on the hashing. In this paper, we concentrate on preimage attacks on Ascon-Xof. We focus on linearizing the polynomials leaked by the hash value to find its inverse. In an attack on 2-round Ascon-Xof, we carefully construct the set of guess bits using a greedy algorithm in the context of guess-and-determine. This allows us to attack Ascon-Xof more efficiently than the method in Dobraunig et al., and we fully implement our attack to demonstrate its effectiveness. We also provide the number of guess bits required to linearize one output bit after 3- and 4-round Ascon’s permutation, respectively. In particular, for the first time, we connect the result for 3-round Ascon to a preimage attack on Ascon-Xof with a 64-bit output. Our attacks primarily focus on analyzing weakened versions of Ascon-Xof, where the weakening involves setting all the IV values to 0 and omitting the round constants. Although our attacks do not compromise the security of the full Ascon-Xof, they provide new insights into their security.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published elsewhere. Minor revision. Designs, Codes and Cryptography
Keywords
NISTAsconAscon-Xofhash functionpreimage attack
Contact author(s)
hellosj3 @ kookmin ac kr
gi0412 @ kookmin ac kr
jskim @ kookmin ac kr
History
2024-03-01: approved
2024-02-29: received
See all versions
Short URL
https://ia.cr/2024/371
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/371,
      author = {Seungjun Baek and Giyoon Kim and Jongsung Kim},
      title = {Preimage Attacks on Reduced-Round Ascon-Xof},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/371},
      year = {2024},
      url = {https://eprint.iacr.org/2024/371}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.