The decryption of Ascon.

Source publication
Research
Ascon is a new family of authenticated encryption algorithms, submitted to the CAESAR competition for authenticated ciphers. The Ascon family was designed to be lightweight and easy to implement, even with added countermeasures against side-channel attacks.

Context in source publication

Context 1
... a more convenient notation, the rate and capacity parts of the state S are denoted by S_r and S_c, respectively. The encryption and decryption operations are illustrated in Figure 1 and Figure 2 and specified in Algorithm 1. ...

Similar publications

Article
Authentication and cryptography have been used to address security issues on various online services. However, studies have shown that even the most commonly-used multi-factor out-of-band authentication mechanism is vulnerable to attacks while traditional crypto-algorithms exhibit drawbacks. In the present study, an innovative modification of the B...
Article
LightMAC is a MAC algorithm based on a block cipher that uses two independent keys. As a MAC algorithm, it should be able to fulfill computation resistance. A MAC algorithm is vulnerable to forgery attacks if that property does not hold. There are three types of forgery attacks, i.e., selective, existential, and universal forgery attacks. In this pap...

Citations

... The CAESAR competition [2] was a cryptographic competition that was active from 2013 to 2017, where numerous ciphers were introduced for suitable use cases. ASCON is a submission by Dobraunig et al. [13] [14]. ASCON was one of the five finalists of the competition and was suitable for lightweight application use cases. ...
Preprint
Portable Document Format (PDF) is a file format which is used worldwide as the de facto standard for exchanging documents. In fact this document that you are currently reading has been uploaded as a PDF. Confidential information is also exchanged through PDFs. According to PDF standard ISO 3000-2:2020, PDF supports encryption to provide confidentiality of the information contained in it along with digital signatures to ensure authenticity. At present, PDF encryption only supports Advanced Encryption Standard (AES) to encrypt and decrypt information. However, Lightweight Cryptography, which is referred to as crypto for resource constrained environments, has gained a lot of popularity, especially due to the NIST Lightweight Cryptography (LWC) competition announced in 2018, for which ASCON was announced as the winner in February 2023. The current work constitutes the first attempt to benchmark Java implementations of NIST LWC winner ASCON and finalist XOODYAK against the current PDF encryption standard AES. Our research reveals that ASCON emerges as a clear winner with regards to throughput when profiled using two state-of-the-art benchmarking tools, YourKit and JMH.
... The selection was further narrowed down to ten finalists that performed significantly better. After another year of extensive analysis and performance benchmarking, the Ascon family was selected as the winner of NIST lightweight encryption contest [9]. Ascon was also selected earlier in 2019 as the primary choice for lightweight authenticated encryption in the final portfolio of the CAESAR competition [10]. ...
Article
The Internet of Things (IoT) nodes consist of sensors that collect environmental data and then perform data exchange with surrounding nodes and gateways. Cybersecurity attacks pose a threat to the data security that is being transmitted in any IoT network. Cryptographic primitives are widely adopted to address these threats; however, the substantial computation demands limit their applicability in the IoT ecosystem. In addition, each IoT node varies with respect to the area and throughput (TP) requirements, thus demanding flexible implementation for encryption/decryption processes. To solve these issues, this work implements the NIST lightweight cryptography standard, Ascon, on a SAED 32 nm process design kit (PDK) library by employing loop folded, loop unrolled and fully unrolled architectures. The fully unrolled architecture can achieve the highest TP but at the cost of higher area utilisation. Unrolling by a lower factor results in lower area implementations, enabling the exploration of design space to tackle the trade-off between area and TP performance of the design. The implementation results show that, for loop folded architecture, Ascon-128 and Ascon-128a require 36.7k µm² and 38.5k µm² chip area, respectively, compared to 277.1k µm² and 306.6k µm² required by their fully unrolled implementations. The proposed implementation strategies can adjust the number of rounds to accommodate the varied requirements of IoT ecosystems. An implementation with an open-source 45 nm PDK library is also undertaken for enhanced generalization and reproducibility of the results.
... The Finalization phase provides the 128-bit authentication tag T . For more details about different parts of Ascon primitive, one can see [41]. ...
Article
Despite considerable achievements of deep learning-based side-channel analysis, overfitting represents a significant obstacle in finding optimized neural network models. This issue is not unique to the side-channel domain. Regularization techniques are popular solutions to overfitting and have long been used in various domains. At the same time, the works in the side-channel domain show sporadic utilization of regularization techniques. What is more, no systematic study investigates these techniques' effectiveness. In this paper, we aim to investigate the regularization effectiveness on a randomly selected model, by applying 4 powerful and easy-to-use regularization techniques to 8 combinations of datasets, leakage models, and deep learning topologies. The investigated techniques are L1, L2, dropout, and early stopping. Our results show that while all these techniques can improve performance in many cases, L1 and L2 are the most effective. Finally, if training time matters, early stopping is the best technique.
... ASCON stands as a renowned AEAD primitive, which ensures the preservation of data integrity, confidentiality, and authenticity, all accomplished without the use of a message authentication code. Distinguished by its inverse-free, single pass, and online symmetric block cipher characteristics [40], ASCON's encryption and decryption procedures can be summed up as follows. ...
... Remark 4. In our pragmatic study, we have explored two types of computational times: Case 1: We measured the computational time required for mining a varied number of blocks (20, 30, 40, 50, and 60) into the blockchain. Each block in this case contains a fixed number of transactions (35). ...
... Case 2: We assessed the computational time needed for mining a fixed number of blocks (25) into the blockchain. However, in this scenario, each block contains a varied number of transactions (20, 40, 60, 80, and 100). To estimate the computational time in both cases, we considered the summation of the following factors according to the PBFT consensus algorithm: (i) the time required to establish a socket connection between two P2P server nodes. ...
Article
Intelligent Transportation Systems (ITS) supported by smart vehicles have revolutionized modern transportation, offering a wide range of applications and services, such as electronic toll collection, collision avoidance alarms, real-time parking management, and traffic planning. However, the open communication channels among various entities, including smart vehicles, roadside infrastructure, and fleet management systems, introduce security and privacy vulnerabilities. To address these concerns, we propose a novel security framework, named blockchain-assisted lightweight authenticated key agreement security framework for smart vehicles-enabled ITS (BASF-ITS), which ensures data protection both during transit and while stored on cloud servers. BASF-ITS employs a combination of efficient cryptographic primitives, including hash functions, XOR operator, ASCON, elliptic curve cryptography, and physical unclonable functions (PUF), to design authenticated key agreement schemes. The inclusion of PUF significantly enhances the system's resistance to physical attacks, preventing tampering attempts. To ensure data integrity when stored on the cloud, our framework incorporates blockchain technology. By leveraging the immutability and decentralization of the blockchain, BASF-ITS effectively safeguards data at rest, providing an additional layer of security. We rigorously analyze the security of BASF-ITS and demonstrate its strong resistance against potential security assaults, making it a robust and reliable solution for smart vehicle-enabled ITS. In a comparative analysis with contemporary competing schemes, BASF-ITS emerges as a promising approach, offering superior functionality traits, enhanced security features, and reduced computation, communication, and storage costs.
Furthermore, we present a practical implementation of BASF-ITS using blockchain technology, showcasing the computational time versus the “transactions per block” and the “number of mined blocks”, confirming its efficiency and viability in real-world scenarios. Note to Practitioners —This article is motivated by designing an efficient, lightweight, and anonymous blockchain-enabled authenticated security framework that can fix the security and privacy concerns in insecure environments for ITS applications, such as automated road speed enforcement, collision avoidance alarm systems, and traffic planning and management, etc. Authenticated key agreement schemes are extensively used to secure communications in the ITS environment. However, the existing state-of-the-art schemes are not efficient in terms of performance, are not resilient against potential security attacks, and do not support anonymity, untraceability, and unlinkability. Therefore, we propose the authenticated security framework to secure communication among the participating entities in the ITS environment. It utilizes efficient cryptographic primitives, such as hash function, XOR-operator, ASCON, elliptic curve cryptography, and PUF. It is shown that the proposed framework can be deployed as a robust tool to address the ITS security problems efficiently. Moreover, the proposed framework is lightweight and efficient and can be easily deployed in various ITS applications and other resource-constrained environments. However, the participating entities, such as vehicles and roadside units, must be PUF-enabled to deploy the proposed framework.
... These new rapidly developing applications demand high device performance and energy efficiency. As a result, there has been a growing interest in reducing the complexity and energy consumption of hardware implementation while ensuring the security of the cryptographic system [DEMS16,BJK + 20]. ...
... Various works such as [SKOP15], [KLSW17], [CTG16], and [LS16] have explored the design of matrices containing special structures like circulant, Hadamard, Toeplitz, or involution matrices, aiming to reduce the number of XOR operations. Moreover, Ascon [DEMS16], the winner of the NIST lightweight cryptography cipher competition, employs the permutation which costs two binary XOR operations per bit. Recently in CRYPTO 2023, Solane et al. [EHDRM23] constructed a new linear layer called the "Twin column parity mixer", which requires only 3.2 XOR operations per bit and has a bitwise differential branch number of 12 (4 for linear branch number). ...
Article
This paper presents a novel approach to optimizing the linear layer of block ciphers using the matrix decomposition framework. It is observed that the reduction properties proposed by Xiang et al. (in FSE 2020) need to be improved. To address these limitations, we propose a new reduction framework with a complete reduction algorithm and swapping algorithm. Our approach formulates matrix decomposition as a new framework with an adaptive objective function and converts the problem to a Graph Isomorphism problem (GI problem). Using the new reduction algorithm, we were able to achieve lower XOR counts and depths of quantum implementations under the s-XOR metric. Our results outperform previous works for many linear layers of block ciphers and hash functions; some of them are better than the current g-XOR implementation. For the AES MixColumn operation, we get two implementations with 91 XOR counts and depth 13 of in-place quantum implementation, respectively.
... Development of ASCON. ASCON participated in Round 1 of the CAESAR competition [3] and introduced its initial design, version v1. ASCON specified a permutation and authenticated encryption mode, recommending ASCON-128 as the primary choice and ASCON-96 as a variant with a 96-bit key. ...
Article
Lightweight cryptography algorithms are a class of ciphers designed to protect data generated and transmitted by the Internet of Things. They typically have low requirements in terms of storage space and power consumption, and are well-suited for resource-limited application scenarios such as embedded systems, actuators, and sensors. The NIST-approved competition for lightweight cryptography aims to identify lightweight cryptographic algorithms that can serve as standards. Its objective is to enhance data security in various scenarios. Among the chosen standards for lightweight cryptography, ASCON has been selected. ASCON-HASH is a hash function within the ASCON family. This paper presents a detailed analysis of the differential characteristics of ASCON-HASH, utilizing the quadratic S-box. Additionally, we employ message modification techniques and ultimately demonstrate a non-practical collision attack on the 2-round ASCON-HASH, requiring a time complexity of 2⁹⁸ hash function calls.
... ASCON [21], developed in 2014 by a team of cryptographers from Graz University of Technology, Infineon Technologies, Lamar Security Research Center, and Radboud University, was selected as the first choice for lightweight encryption in the CAESAR Competition's final product portfolio in 2019. On March 29, 2021, ASCON was one of the 10 candidates in the third round of the NIST Lightweight cryptographic algorithm collection. ...
Article
In this paper, we discuss the quantum circuit implementations of the lightweight authenticated encryption algorithm ASCON by using the NOT gates, CNOT gates, Toffoli gates, measurements, and the dynamic quantum circuits. Firstly, the quantum circuit of addition of constants is realized by adding the NOT gates according to the position of 1 in round constants. Secondly, the quantum circuit of S-box of the permutation is synthesized according to the classical circuit diagram of S-box. Then the linear layer functions are expressed in matrix form, and their quantum circuits are synthesized according to Gaussian elimination. Finally, we synthesize the whole quantum circuits according to the general diagrams of the authenticated encryption algorithm ASCON. The correctness of the quantum circuits of the S-box and the linear layer was verified by the Aer simulator of the IBM Quantum platform. As far as we know, this is the first implementation of the quantum circuits for the Authenticated Encryption with Associated Data (AEAD) of ASCON in-place. The maximum quantum resources for the three ASCON authenticated encryption algorithms were estimated. The quantum circuit of ASCON-128 uses a total of 320 qubits, 30,639 NOT gates, 128,814 CNOT gates, 8064 Toffoli gates, 10,752 measurements, and 5376 dynamic quantum circuits. The quantum circuit of ASCON-128a uses a total of 320 qubits, 23,558 NOT gates, 98,144 CNOT gates, 6144 Toffoli gates, 8192 measurements, and 4096 dynamic quantum circuits. The quantum circuit of ASCON-80pq uses a total of 320 qubits, 30,736 NOT gates, 128,814 CNOT gates, 8064 Toffoli gates, 10,752 measurements, and 5376 dynamic quantum circuits.
... A misstep or oversight, and the door might open to cunning attackers [10]. 4. Then we have the Permutation Artisans, creators of masterpieces like ASCON [11], PHOTON-Beetle [12], and Oribatida [13]. These experts harness the power of the mysterious Sponge functions. ...
... Ascon, an AE scheme defined on 64-bit words, was proposed by Dobraunig et al. in 2016 [11]. Ascon's mode of operation is similar to that used in MonkeyDuplex construction, but uses a stronger keyed initialization and keyed finalization function. ...
Chapter
This chapter delves deep into the intricate interplay of procedures that underline the foundations of Authenticated Encryption (AE) and its significance in preserving the confidentiality and authenticity of our digital communications. As the digital age progresses, telecommunication systems have shifted towards digital paradigms, driven not only by the affordability and accessibility of digital components but also by the inherent benefits they bring. Herein, we introduce a distinct approach from the Standard Duplex Construction (SDC) known as the Modified Duplex Construction (MDC). The MDC incorporates two pivotal phases: the initialization phase and the duplexing phase, each encompassing a Chaotic Neural Network Revised (CNNR) defined by a singular-layered neural structure enriched with non-linear functionalities. The chapter further discusses the implementation of MDC in two specific widths of 512 and 1024 bits. A rigorous evaluation of this construction against various cryptanalytic threats showcases its resilience and robustness. In this discourse, readers will encounter the development, realization, and analysis of a novel Authenticated Encryption with Associated Data Scheme (AEADS), conceived from the chaotic realms of neural networks. The chapter explicates the encryption and decryption processes of AEADS, emphasizing the crucial role of variables such as IV, K, AD, and M in encryption, and C and T in decryption. The reliability of the decryption is contingent on the alignment of computed and received tags, dictating either the decryption of the original message or the generation of an error. The decryption intricacies, encompassing variables like C, T, IV, K, and AD, are also elucidated. Two distinct processes have been instituted for message lengths spanning 64 and 128 bytes, providing a comprehensive view of the scheme’s versatility.
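The decryption procedure summarized in the source context above (state S split into the rate part S_r and the capacity part S_c, keyed initialization and finalization, a 128-bit tag) and restated in several of the citing works (the MonkeyDuplex-like mode with keyed initialization and finalization, the inverse-free single-pass structure, decryption that only releases the message when the computed and received tags agree) is easiest to follow in code. The Ascon-128 (v1.2) implementation below is an added example written for this page from the public specification; it is not code from the source paper or from any of the cited works, and it has not been checked here against the official KAT vectors, so verify it against them before any real use. The function and constant names (encrypt, decrypt, permutation, IV_ASCON_128, the helpers) are this example's own.

```python
# Added example (not from the cited papers): a compact Ascon-128 (v1.2) AEAD in pure
# Python, written to mirror the rate/capacity notation (S_r = x0, S_c = x1..x4) and the
# keyed initialization / finalization of the mode. Written from the public
# specification; NOT checked here against the official KAT files.
import hmac

MASK = (1 << 64) - 1
IV_ASCON_128 = 0x80400C0600000000  # k=128, r=64, a=12, b=6 packed into the IV word
ROUND_CONSTS = [0xF0, 0xE1, 0xD2, 0xC3, 0xB4, 0xA5, 0x96, 0x87, 0x78, 0x69, 0x5A, 0x4B]


def rotr(x, n):
    return ((x >> n) | (x << (64 - n))) & MASK


def permutation(s, rounds):
    """Ascon permutation p^rounds on a 5-word state; p^6 uses the last 6 constants."""
    x0, x1, x2, x3, x4 = s
    for c in ROUND_CONSTS[12 - rounds:]:
        x2 ^= c                                      # constant addition
        x0 ^= x4; x4 ^= x3; x2 ^= x1                 # bitsliced 5-bit S-box
        t0 = ~x0 & x1; t1 = ~x1 & x2; t2 = ~x2 & x3; t3 = ~x3 & x4; t4 = ~x4 & x0
        x0 ^= t1; x1 ^= t2; x2 ^= t3; x3 ^= t4; x4 ^= t0
        x1 ^= x0; x0 ^= x4; x3 ^= x2; x2 = ~x2 & MASK
        x0 ^= rotr(x0, 19) ^ rotr(x0, 28)            # linear diffusion layer
        x1 ^= rotr(x1, 61) ^ rotr(x1, 39)
        x2 ^= rotr(x2, 1) ^ rotr(x2, 6)
        x3 ^= rotr(x3, 10) ^ rotr(x3, 17)
        x4 ^= rotr(x4, 7) ^ rotr(x4, 41)
    return [x0, x1, x2, x3, x4]


def _pad(data):
    """10* padding up to a multiple of the 8-byte rate."""
    return data + b"\x80" + b"\x00" * (7 - len(data) % 8)


def _words(b16):
    return int.from_bytes(b16[:8], "big"), int.from_bytes(b16[8:], "big")


def _init(key, nonce):
    k0, k1 = _words(key)
    n0, n1 = _words(nonce)
    s = permutation([IV_ASCON_128, k0, k1, n0, n1], 12)   # keyed initialization
    s[3] ^= k0; s[4] ^= k1                                # S ^= 0^192 || K
    return s


def _absorb_ad(s, ad):
    if ad:
        padded = _pad(ad)
        for i in range(0, len(padded), 8):
            s[0] ^= int.from_bytes(padded[i:i + 8], "big")  # S_r ^= A_i
            s = permutation(s, 6)
    s[4] ^= 1                                               # domain separation
    return s


def _finalize(s, key):
    k0, k1 = _words(key)
    s[1] ^= k0; s[2] ^= k1                                  # S ^= 0^r || K || 0^(c-k)
    s = permutation(s, 12)                                  # keyed finalization
    return (s[3] ^ k0).to_bytes(8, "big") + (s[4] ^ k1).to_bytes(8, "big")


def encrypt(key, nonce, ad, pt):
    """Return C || T for Ascon-128 (16-byte key and nonce)."""
    assert len(key) == 16 and len(nonce) == 16
    s = _absorb_ad(_init(key, nonce), ad)
    padded, ct = _pad(pt), b""
    for i in range(0, len(padded), 8):
        s[0] ^= int.from_bytes(padded[i:i + 8], "big")      # S_r ^= P_i ; C_i = S_r
        ct += s[0].to_bytes(8, "big")
        if i + 8 < len(padded):                             # no p^b after the last block
            s = permutation(s, 6)
    return ct[:len(pt)] + _finalize(s, key)


def decrypt(key, nonce, ad, ct_tag):
    """Return the plaintext, or None if the tag fails; nothing is released before the check."""
    assert len(key) == 16 and len(nonce) == 16
    if len(ct_tag) < 16:
        return None
    ct, tag = ct_tag[:-16], ct_tag[-16:]
    s = _absorb_ad(_init(key, nonce), ad)
    full, last, pt = len(ct) // 8, len(ct) % 8, b""
    for i in range(full):
        c = int.from_bytes(ct[8 * i:8 * i + 8], "big")
        pt += (s[0] ^ c).to_bytes(8, "big")                  # P_i = S_r ^ C_i
        s[0] = c                                             # S_r = C_i (the difference from encryption)
        s = permutation(s, 6)
    # Last, partial block: recover the bytes we have, then re-apply the 10* padding the
    # encryptor XORed in, so the state matches the encryption side exactly.
    sr = s[0].to_bytes(8, "big")
    pt += bytes(a ^ b for a, b in zip(sr[:last], ct[8 * full:]))
    s[0] = int.from_bytes(ct[8 * full:] + bytes([sr[last] ^ 0x80]) + sr[last + 1:], "big")
    if not hmac.compare_digest(_finalize(s, key), tag):     # constant-time tag check
        return None
    return pt
```

Two points the diagrams in the source paper make and the code keeps explicit: decryption differs from encryption only in the last step of each block (S_r is overwritten with the ciphertext block rather than with the keystream XOR), so both directions drive the same forward permutation and no inverse is ever needed; and the tag is compared in constant time before any plaintext leaves the function, which is what makes the scheme safe against the release of unverified plaintext. A usage call looks like `decrypt(key, nonce, ad, encrypt(key, nonce, ad, pt))`, which returns `pt`; feed the first entry of the official LWC KAT file through `encrypt` before trusting the constants.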
... Furthermore, even on the ARMv8 platform, specifically the Cortex-A72 processor in a Raspberry Pi 4B, XForró14-Poly1305 outperforms XChaCha20-Poly1305, through the use of the Xote technique discovered in [Coutinho et al. 2022, Coutinho et al. 2023]. Another interesting comparison can be drawn against lightweight cryptographic alternatives, such as ASCON, a winner of the NIST competition [Dobraunig et al. 2016]. Unfortunately, libsodium does not support ASCON, and its implementation was beyond the scope of this paper. ...
Conference Paper
At Asiacrypt 2022 and its extended version at Journal of Cryptology 2023, Coutinho et al. proposed Forró, a novel ARX-based stream cipher with a design reminiscent of Salsa and ChaCha ciphers. The authors demonstrated that Forró provides a higher security margin using fewer operations, thereby reducing the total number of rounds while preserving the security level. This results in a faster cipher across various platforms, particularly on constrained devices. However, Forró’s primary limitation is its exclusive encryption capability, with no authentication support. To address this issue, in this paper, we introduce the XForró14 cipher and combine it with Poly1305 to create an Authenticated Encryption with Associated Data (AEAD) scheme. Furthermore, to facilitate the practical implementation of this cipher, we have developed a new fork of the libsodium project (https://doc.libsodium.org/), incorporating XForró14-Poly1305 as a fresh AEAD alternative. Our project can be accessed at https://github.com/murcoutinho/libsodium.
... Their design was implemented on the Virtex 6 Xilinx FPGA device. They achieved higher frequencies compared to our work and the benchmarked work, but their most lightweight design (CiliPadi-Mild) still consumes more logic resources, even in comparison to their benchmarked proposals [42,43]. The authors of [21] aimed to design an authenticated encryption architecture and reuse the datapath functions by integrating an LED block cipher with the PHOTON hash function. ...
Article
IoT devices and embedded systems are deployed in critical environments, emphasizing attributes like power efficiency and computational capabilities. However, these constraints stress the paramount importance of device security, stimulating the exploration of lightweight cryptographic mechanisms. This study introduces a lightweight architecture for authenticated encryption tailored to these requirements. The architecture combines the lightweight encryption of the LED block cipher with the authentication of the PHOTON hash function. Leveraging shared internal operations, the integration of these bases optimizes area–performance tradeoffs, resulting in reduced power consumption and a reduced logic footprint. The architecture is synthesized and simulated using Verilog HDL, Quartus II, and ModelSim, and implemented on Cyclone FPGA devices. The results demonstrate a substantial 14% reduction in the logic area and up to a 46.04% decrease in power consumption in contrast to the individual designs of LED and PHOTON. This work highlights the potential for using efficient cryptographic solutions in resource-constrained environments.