# Truncated, Impossible, and Improbable Differential Analysis of ASCON

### Cihangir Tezcan

#### Abstract

Ascon is an authenticated encryption algorithm which is recently qualified for the second-round of the Competition for Authenticated Encryption: Security, Applicability, and Robustness. So far, successful differential, differential-linear, and cube-like attacks on the reduced-round Ascon are provided. In this work, we provide the inverse of Ascon's linear layer in terms of rotations which can be used for constructing impossible differentials. We show that Ascon's S-box contains 35 undisturbed bits and we use them to construct 4 and 5-round truncated, impossible, and improbable differential distinguishers. Our results include practical 4-round truncated, impossible, and improbable differential attacks on Ascon. Our best attacks using these techniques break 5 out of 12 rounds. These are the first successful truncated, impossible, and improbable differential attacks on the reduced-round Ascon.

#### References

- Bertoni, G., Daemen, J., Peeters, M., and Assche, G. V. (2011). The Keccak SHA-3 submission. Submission to NIST (Round 3).
- Biham, E., Anderson, R. J., and Knudsen, L. R. (1998). Serpent: A new block cipher proposal. In Vaudenay, S., editor, Fast Software Encryption, 5th International Workshop, FSE 7898, Paris, France, March 23- 25, 1998, Proceedings, volume 1372 of Lecture Notes in Computer Science, pages 222-238. Springer.
- Biham, E., Biryukov, A., and Shamir, A. (2005). Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials. J. Cryptology, 18(4):291-311.
- Biham, E. and Shamir, A. (1991). Differential cryptanalysis of DES-like cryptosystems. J. Cryptology, 4(1):3-72.
- Daemen, J. (2012). Permutation-based encryption, authentication and authenticated encryption. DIAC - Directions in Authenticated Ciphers.
- Dobraunig, C., Eichlseder, M., Mendel, F., and Schläffer, M. (2014). ASCON v1, submission to the CAESAR competition.
- Dobraunig, C., Eichlseder, M., Mendel, F., and Schläffer, M. (2015). Cryptanalysis of Ascon. In Nyberg, K., editor, Topics in Cryptology - CT-RSA 2015, The Cryptographer's Track at the RSA Conference 2015, San Francisco, CA, USA, April 20-24, 2015. Proceedings, volume 9048 of Lecture Notes in Computer Science, pages 371-387. Springer.
- Eisenbarth, T. and Ozt ürk, E., editors (2015). Lightweight Cryptography for Security and Privacy - Third International Workshop, LightSec 2014, Istanbul, Turkey, September 1-2, 2014, Revised Selected Papers, volume 8898 of Lecture Notes in Computer Science. Springer.
- Evertse, J.-H. (1987). Linear Structures in Blockciphers. In Chaum, D. and Price, W. L., editors, EUROCRYPT, volume 304 of Lecture Notes in Computer Science, pages 249-266. Springer.
- Jovanovic, P., Luykx, A., and Mennink, B. (2014). Beyond 2 c/2 security in sponge-based authenticated encryption modes. In Sarkar, P. and Iwata, T., editors, Advances in Cryptology - ASIACRYPT 2014 - 20th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung, Taiwan, R.O.C., December 7-11, 2014. Proceedings, Part I, volume 8873 of Lecture Notes in Computer Science, pages 85-104. Springer.
- Knudsen, L. R. (1994). Truncated and higher order differentials. In Preneel, B., editor, Fast Software Encryption: Second International Workshop. Leuven, Belgium, 14-16 December 1994, Proceedings, volume 1008 of Lecture Notes in Computer Science, pages 196-211. Springer.
- Makarim, R. H. and Tezcan, C. (2014). Relating undisturbed bits to other properties of substitution boxes. In (Eisenbarth and Ozt ürk, 2015), pages 109-125.
- Rivest, R. L. (2011). The invertibility of the XOR of rotations of a binary word. Int. J. Comput. Math., 88(2):281-284.
- Tezcan, C. (2010). The improbable differential attack: Cryptanalysis of reduced round CLEFIA. In Gong, G. and Gupta, K. C., editors, Progress in Cryptology - INDOCRYPT 2010 - 11th International Conference on Cryptology in India, Hyderabad, India, December 12- 15, 2010. Proceedings, volume 6498 of Lecture Notes in Computer Science, pages 197-209. Springer.
- Tezcan, C. (2014). Improbable differential attacks on Present using undisturbed bits. J. Computational Applied Mathematics, 259:503-511.
- Tezcan, C. and Ozbudak, F. (2014). Differential factors: Improved attacks on SERPENT. In (Eisenbarth and Ozt ürk, 2015), pages 69-84.
- Todo, Y. (2015). Structural evaluation by generalized integral property. In Oswald, E. and Fischlin, M., editors, Advances in Cryptology - EUROCRYPT 2015 - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part I, volume 9056 of Lecture Notes in Computer Science, pages 287-314. Springer.

#### Paper Citation

#### in Harvard Style

Tezcan C. (2016). **Truncated, Impossible, and Improbable Differential Analysis of ASCON** . In *Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,* ISBN 978-989-758-167-0, pages 325-332. DOI: 10.5220/0005689903250332

#### in Bibtex Style

@conference{icissp16,

author={Cihangir Tezcan},

title={Truncated, Impossible, and Improbable Differential Analysis of ASCON},

booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},

year={2016},

pages={325-332},

publisher={SciTePress},

organization={INSTICC},

doi={10.5220/0005689903250332},

isbn={978-989-758-167-0},

}

#### in EndNote Style

TY - CONF

JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,

TI - Truncated, Impossible, and Improbable Differential Analysis of ASCON

SN - 978-989-758-167-0

AU - Tezcan C.

PY - 2016

SP - 325

EP - 332

DO - 10.5220/0005689903250332