标题：Cryptanalysis of round-reduced ASCON
作者：Li, Yanbin; Zhang, Guoyan; Wang, Wei; Wang, Meiqin
作者机构：[Li Yanbin] Shandong University, Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Ji'nan, Shandong 250100, Ch 更多
通讯作者地址：[Wang, MQ]Shandong Univ, Key Lab Cryptol Technol & Informat Secur, Minist Educ, Jinan 250100, Peoples R China;[Wang, MQ]State Cryptog Adm, State Key L 更多
关键词：Cryptanalysis; ASCON; cryptanalysis
摘要：ASCON~(1)) is a candidate to the ongoing CAESAR competition~(2)) which is launched to identify good authenticated encryption schemes from 2013. In CT-RSA 2015, the designers performed several detailed cryptanalysis on ASCON which retrieved the key for ASCON with at most 6-round initialization in a nonce-respecting scenario . They also gave forgery attacks on 3/4-round finalization with 2~(33)/2~(101) messages in a nonce-misuse scenario. This article provides key recovery attacks on round-reduced version of ASCON with 7 rounds initialization and 5 rounds phase of plaintext processing, which works on round-reduced initialization comprising more than half number of original 12 rounds in the first time. In addition, we create forgery on 4/5/6 rounds finalization with 2~9/2~(17)/2~(33) messages, respectively, which is more practical compared to the previous ones. Our work is summarized in Table 1.