Title: Algebraic Cryptanalysis of Ascon Using MRHS Equations
Authors: Miloslav Smičík, Pavol Zajac
Journal: Tatra Mountains Mathematical Publications (JCR Q4, Mathematics)
Volume: 12 3
Publication date: 2024-04-13
Publication type: Journal Article
DOI: 10.2478/tmmp-2024-0007 (https://doi.org/10.2478/tmmp-2024-0007)
Citations: 0
Abstract
Algebraic Cryptanalysis of Ascon Using MRHS Equations
Ascon is a family of lightweight authenticated encryption and hashing algorithms, which is a finalist in the NIST Lightweight Cryptography competition. We study the Ascon algorithm from the perspective of algebraic cryptanalysis based on the MRHS representation of the cipher. We call such an approach an MRHS cryptanalysis.
We represent the system on the gate level (focusing on individual AND-gates) and the S-box level (basing MRHS equations on 5-bit S-boxes). We compare the results from the application of two custom MRHS solvers. The RZ solver is based on linear algebra and exhaustive search. The HC solver is based on adaptive bit-flipping with restarts.
We show that both the choice of the solver and the choice of the system representation influence the total complexity of the attack. On the other hand, these choices do not change the fundamental properties of the attack, such as scaling with the amount of information the attacker possesses. A similar assessment holds for using a scaled-down version of Ascon for the experiments. Our method can be used for the experimental evaluation of cipher designs against algebraic attacks.