[Resource Topic] 2024/579: Tight Multi-user Security of Ascon and Its Large Key Extension

Welcome to the resource topic for 2024/579

Title:
Tight Multi-user Security of Ascon and Its Large Key Extension

Authors: Bishwajit Chakraborty, Chandranan Dhar, Mridul Nandi

Abstract:

The Ascon cipher suite has recently become the preferred standard in the NIST Lightweight Cryptography standardization process. Despite its prominence, the initial dedicated security analysis for the Ascon mode was conducted quite recently. This analysis demonstrated that the Ascon AEAD mode offers superior security compared to the generic Duplex mode, but it was limited to a specific scenario: single-user nonce-respecting, with a capacity strictly larger than the key size. In this paper, we eliminate these constraints and provide a comprehensive security analysis of the Ascon AEAD mode in the multi-user setting, where the capacity need not be larger than the key size. Regarding data complexity $D$ and time complexity $T$, our analysis reveals that Ascon achieves AEAD security when $T$ is bounded by $\min\{2^{\kappa}/\mu, 2^c\}$ (where $\kappa$ is the key size, and $\mu$ is the number of users), and $DT$ is limited to $2^b$ (with $b$ denoting the size of the underlying permutation, set at 320 for Ascon). Our results align with NIST requirements, showing that Ascon allows for a tag size as small as 64 bits while supporting a higher rate of 192 bits, provided the number of users remains within recommended limits. However, this security becomes compromised as the number of users increases significantly. To address this issue, we propose a variant of the Ascon mode called LK-Ascon, which enables doubling the key size. This adjustment allows for a greater number of users without sacrificing security, while possibly offering additional resilience against quantum key recovery attacks. We establish tight bounds for LK-Ascon, and furthermore show that both Ascon and LK-Ascon maintain authenticity security even when facing nonce-misuse adversaries.
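As an added illustration (not code from the paper or from this post), the Python below evaluates the two conditions stated in the abstract, $T \le \min\{2^{\kappa}/\mu, 2^c\}$ and $DT \le 2^b$ with $b = 320$, as log2 budgets, so that the linear loss of security in the number of users $\mu$ and the effect of doubling $\kappa$ in LK-Ascon can be read off directly. The capacities for Ascon-128 ($c = 256$) and Ascon-128a ($c = 192$) are assumed from the Ascon specification rather than taken from the abstract; the "rate 192" row uses $c = 320 - 192 = 128$ from the abstract's own example; the LK-Ascon row assumes $\kappa = 256$ with an unchanged capacity; and $D = 2^{64}$ is a constructed data limit used only for the table.

```python
# Permutation width b of Ascon, as stated in the abstract.
B_ASCON = 320

# Parameter sets (key size kappa, capacity c). Ascon-128 / Ascon-128a values
# are assumed from the Ascon specification (not from the abstract); "rate 192"
# is the abstract's example (c = 320 - 192 = 128); LK-Ascon is assumed to
# double kappa to 256 while keeping the capacity of Ascon-128a.
PARAMS = {
    "Ascon-128 (rate 64)":   dict(kappa=128, c=256),
    "Ascon-128a (rate 128)": dict(kappa=128, c=192),
    "Ascon, rate 192":       dict(kappa=128, c=128),
    "LK-Ascon, rate 128":    dict(kappa=256, c=192),
}


def log2_time_budget(kappa, c, b, log2_mu, log2_D):
    """log2 of the largest adversary time T allowed by the abstract's two
    conditions, T <= min(2^kappa / mu, 2^c) and D * T <= 2^b.
    Every quantity is handled as a log2 value, so no big integers are needed."""
    key_term = kappa - log2_mu   # 2^kappa / mu : multi-user key-guessing term
    cap_term = c                 # 2^c          : capacity term
    dt_term = b - log2_D         # 2^b / D      : data-time trade-off term
    return min(key_term, cap_term, dt_term)


def users_before_key_term_binds(kappa, c):
    """Largest log2(mu) for which 2^kappa / mu is still at least 2^c, i.e. the
    number of users that can be supported before multi-user degradation pushes
    the bound below the capacity term. A negative value means the key term
    already binds with a single user."""
    return kappa - c


def bound_table(log2_mu, log2_D, b=B_ASCON):
    """Map each parameter set to its log2 time budget for mu = 2^log2_mu users
    and D = 2^log2_D total data."""
    return {name: log2_time_budget(p["kappa"], p["c"], b, log2_mu, log2_D)
            for name, p in PARAMS.items()}


if __name__ == "__main__":
    # Constructed scenario: D = 2^64 blocks of data, user counts 1, 2^32, 2^64.
    for log2_mu in (0, 32, 64):
        print(f"mu = 2^{log2_mu}, D = 2^64:")
        for name, bits in bound_table(log2_mu, 64).items():
            print(f"  {name:22s}  T <= 2^{bits}")
```

With a single user every Ascon row sits at 128 bits, the key term; at $\mu = 2^{32}$ users the 128-bit-key rows drop to 96 bits while the LK-Ascon row stays pinned at its 192-bit capacity term, which is the degradation and the remedy the abstract describes.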

ePrint: https://eprint.iacr.org/2024/579


Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.