Ascon (cipher)
   HOME

TheInfoList



Click Here for Items Related To - Ascon (cipher)
OR:
Ascon (cipher) on:   [Wikipedia]   [Google]   [Amazon]

Ascon is a family of
lightweight Lightweight is a weight class in combat sports and rowing (sport), rowing. Boxing Professional boxing The lightweight division is over 130 pounds (59 kilograms) and up to 135 pounds (61.2 kilograms) boxing weight classes, weight class in the spor ...
authenticated ciphers that had been selected by US
National Institute of Standards and Technology The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into Outline of p ...
(NIST) for future standardization of the lightweight cryptography.


History

Ascon was developed in 2014 by a team of researchers from Graz University of Technology,
Infineon Technologies Infineon Semiconductor solutions is the largest microcontroller manufacturer in the world, as well as Germany's largest semiconductor manufacturer. It is also the leading automotive semiconductor manufacturer globally. Infineon had roughly 58,0 ...
, Lamarr Security Research, and
Radboud University Radboud University (abbreviated as RU, , formerly ) is a public research university located in Nijmegen, Netherlands. RU has seven faculties and more than 24,000 students. Established in 1923, Radboud University has consistently been included in ...
. The cipher family was chosen as a finalist of the
CAESAR Competition The Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR) is a competition organized by a group of international cryptologic researchers to encourage the design of authenticated encryption schemes. The compet ...
in February 2019. NIST had announced its decision on February 7, 2023 with the following intermediate steps that would lead to the eventual standardization: * Publication of NIST IR 8454 describing the process of evaluation and selection that was used; * Preparation of a new draft for public comments; * Public workshop to be held on June 21–22, 2023.


Design

The design is based on a sponge construction along the lines of SpongeWrap and MonkeyDuplex. This design makes it easy to reuse Ascon in multiple ways (as a cipher,
hash Hash, hashes, hash mark, or hashing may refer to: Substances * Hash (food), a coarse mixture of ingredients, often based on minced meat * Hash (stew), a pork and onion-based gravy found in South Carolina * Hash, a nickname for hashish, a canna ...
, or a
MAC Mac or MAC may refer to: Common meanings * Mac (computer), a line of personal computers made by Apple Inc. * Mackintosh, a raincoat made of rubberized cloth * Mac, a prefix to surnames derived from Gaelic languages * McIntosh (apple), a Canadi ...
). As of February 2023, the Ascon suite contained seven ciphers, including: * Ascon-128 and Ascon-128a authenticated ciphers; * Ascon-Hash cryptographic hash; * Ascon-Xof extendable-output function; * Ascon-80pq cipher with an "increased" 160-bit key. The main components have been borrowed from other designs: * substitution layer utilizes a modified
S-box In cryptography, an S-box (substitution-box) is a basic component of symmetric key algorithms which performs substitution. In block ciphers, they are typically used to obscure the relationship between the key and the ciphertext, thus ensuring Clau ...
from the function of
Keccak SHA-3 (Secure Hash Algorithm 3) is the latest member of the Secure Hash Algorithm family of standards, released by NIST on August 5, 2015. Although part of the same series of standards, SHA-3 is internally different from the MD5-like struct ...
; * permutation layer functions are similar to the \Sigma of
SHA-2 SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression ...
.


Parameterization

The ciphers are parameterizable by the
key length In cryptography, key size or key length refers to the number of bits in a key used by a cryptographic algorithm (such as a cipher). Key length defines the upper-bound on an algorithm's security (i.e. a logarithmic measure of the fastest known at ...
''k'' (up to 128 bits), "rate" ( block size) ''r'', and two numbers of rounds ''a'', ''b''. All algorithms support
authenticated encryption Authenticated Encryption (AE) is an encryption scheme which simultaneously assures the data confidentiality (also known as privacy: the encrypted message is impossible to understand without the knowledge of a secret key) and authenticity (in othe ...
with plaintext P and additional authenticated data A (that remains unencrypted). The encryption input also includes a public nonce N, the output -
authentication tag In cryptography, a message authentication code (MAC), sometimes known as an authentication tag, is a short piece of information used for authenticating and integrity-checking a message. In other words, it is used to confirm that the message came ...
T, size of the ciphertext C is the same as that of P. The decryption uses N, A, C, and T as inputs and produces either P or signals verification failure if the message has been altered. Nonce and tag have the same size as the key K (''k'' bits). In the CAESAR submission, two sets of parameters were recommended:


Padding

The data in both A and P is padded with a single bit with the value of 1 and a number of zeros to the nearest multiple of bits. As an exception, if A is an empty string, there is no padding at all.


State

The state consists of 320 bits, so the capacity c=320-r. The state is initialized by an initialization vector IV (constant for each cipher type, e.g., hex 80400c0600000000 for Ascon-128) concatenated with K and N.


Transformation

The initial state is transformed by applying times the transformation function (p^a). On encryption, each word of A , , P is XORed into the state and the is applied times (p^b). The ciphertext C is contained in the first bits of the result of the XOR. Decryption is near-identical to encryption. The final stage that produces the tag T consists of another application of p^a; the special values are XORed into the last bits after the initialization, the end of A, and before the finalization. Transformation consists of three layers: * p_C, XORing the
round constant In cryptography, a round or round function is a basic transformation that is repeated ( iterated) multiple times inside the algorithm. Splitting a large algorithmic function into rounds simplifies both implementation and cryptanalysis. For exampl ...
s; * p_S, application of 5-bit
S-box In cryptography, an S-box (substitution-box) is a basic component of symmetric key algorithms which performs substitution. In block ciphers, they are typically used to obscure the relationship between the key and the ciphertext, thus ensuring Clau ...
es; * p_L, application of linear diffusion.


Test vectors

Hash values of an empty string (i.e., a zero-length input text) for both the XOF and non-XOF variants. 0x 7346bc14f036e87ae03d0997913088f5f68411434b3cf8b54fa796a80d251f91 0x aecd027026d0675f9de7a8ad8ccf512db64b1edcf0b20c388a0c7cc617aaa2c4 0x 5d4cbde6350ea4c174bd65b5b332f8408f99740b81aa02735eaefbcf0ba0339e 0x 7c10dffd6bb03be262d72fbe1b0f530013c6c4eadaabde278d6f29d579e3908d Even a small change in the message will (with overwhelming probability) result in a different hash, due to the
avalanche effect In cryptography, the avalanche effect is the desirable property of cryptographic algorithms, typically block ciphers and cryptographic hash functions, wherein if an input is changed slightly (for example, flipping a single bit), the output changes ...
. 0x 3375fb43372c49cbd48ac5bb6774e7cf5702f537b2cf854628edae1bd280059e 0x c9744340ed476ac235dd979d12f5010a7523146ee90b57ccc4faeb864efcd048


See also

* Simon and Speck, earlier lightweight cipher families released by the U.S.
National Security Agency The National Security Agency (NSA) is an intelligence agency of the United States Department of Defense, under the authority of the director of national intelligence (DNI). The NSA is responsible for global monitoring, collection, and proces ...


References


Sources

* * * *


External links

* Authenticated-encryption schemes Extendable-output functions Cryptographic hash functions {{cryptography-stub