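% Rohit, Hu, Sarkar, Sun (ToSC 2021, issue 1): cryptanalysis of round-reduced Ascon.
% Scope per the abstract: 7 of 12 rounds, nonce-respecting, within the designers'
% 2^64-block data limit; the full 12-round cipher is not threatened.
% The abstract's "second round candidate" status is as of publication; NIST
% selected Ascon for its lightweight cryptography standard in 2023.
% Cleanup applied to the exported record: HTML markup converted to LaTeX,
% month given as the bare macro, page range written with a double hyphen,
% "Ascon" brace-protected against style recasing, abstractNote renamed to abstract.
@article{Rohit_Hu_Sarkar_Sun_2021,
  author   = {Rohit, Raghvendra and Hu, Kai and Sarkar, Sumanta and Sun, Siwei},
  title    = {Misuse-Free Key-Recovery and Distinguishing Attacks on 7-Round {Ascon}},
  journal  = {IACR Transactions on Symmetric Cryptology},
  volume   = {2021},
  number   = {1},
  pages    = {130--155},
  year     = {2021},
  month    = mar,
  doi      = {10.46586/tosc.v2021.i1.130-155},
  url      = {https://tosc.iacr.org/index.php/ToSC/article/view/8835},
  abstract = {Being one of the winning algorithms of the CAESAR competition and currently a second round candidate of the NIST lightweight cryptography standardization project, the authenticated encryption scheme Ascon (designed by Dobraunig, Eichlseder, Mendel, and Schl{\"a}ffer) has withstood extensive self and third-party cryptanalysis. The best known attack on Ascon could only penetrate up to 7 (out of 12) rounds due to Li et al. (ToSC Vol I, 2017). However, it violates the data limit of $2^{64}$ blocks per key specified by the designers. Moreover, the best known distinguishers of Ascon in the AEAD context reach only 6 rounds. To fill these gaps, we revisit the security of 7-round Ascon in the nonce-respecting setting without violating the data limit as specified in the design. First, we introduce a new superpoly-recovery technique named as \emph{partial polynomial multiplication} for which computations take place between the so-called degree-$d$ homogeneous parts of the involved Boolean functions for a $2d$-dimensional cube. We apply this method to 7-round Ascon and present several key recovery attacks. Our best attack can recover the 128-bit secret key with a time complexity of about $2^{123}$ 7-round Ascon permutations and requires $2^{64}$ data and $2^{101}$ bits memory. Also, based on division properties, we identify several 60 dimensional cubes whose superpolies are constant zero after 7 rounds. We further improve the cube distinguishers for 4, 5 and 6 rounds. Although our results are far from threatening the security of full 12-round Ascon, they provide new insights in the security analysis of Ascon.},
}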