{"id":"https://openalex.org/W4311596273","doi":"https://doi.org/10.46586/tosc.v2022.i4.120-144","title":"Practical Cube Attack against Nonce-Misused Ascon","display_name":"Practical Cube Attack against Nonce-Misused Ascon","publication_year":2022,"publication_date":"2022-12-07","ids":{"openalex":"https://openalex.org/W4311596273","doi":"https://doi.org/10.46586/tosc.v2022.i4.120-144"},"language":"en","primary_location":{"id":"doi:10.46586/tosc.v2022.i4.120-144","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tosc.v2022.i4.120-144","pdf_url":"https://tosc.iacr.org/index.php/ToSC/article/download/9974/9472","source":{"id":"https://openalex.org/S4210236173","display_name":"IACR Transactions on Symmetric Cryptology","issn_l":"2519-173X","issn":["2519-173X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Symmetric Cryptology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://tosc.iacr.org/index.php/ToSC/article/download/9974/9472","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5005568748","display_name":"Jules Baudrin","orcid":null},"institutions":[{"id":"https://openalex.org/I1326498283","display_name":"Institut national de recherche en sciences et technologies du num\u00e9rique","ror":"https://ror.org/02kvxyf05","country_code":"FR","type":"government","lineage":["https://openalex.org/I1326498283"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Jules Baudrin","raw_affiliation_strings":["Inria, Paris, France","Cryptologie syme\u0301trique, cryptologie fonde\u0301e sur 
les codes et information quantique"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Inria, Paris, France","institution_ids":["https://openalex.org/I1326498283"]},{"raw_affiliation_string":"Cryptologie syme\u0301trique, cryptologie fonde\u0301e sur les codes et information quantique","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050062480","display_name":"Anne Canteaut","orcid":"https://orcid.org/0000-0002-6292-8336"},"institutions":[{"id":"https://openalex.org/I1326498283","display_name":"Institut national de recherche en sciences et technologies du num\u00e9rique","ror":"https://ror.org/02kvxyf05","country_code":"FR","type":"government","lineage":["https://openalex.org/I1326498283"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Anne Canteaut","raw_affiliation_strings":["Inria, Paris, France","Cryptologie syme\u0301trique, cryptologie fonde\u0301e sur les codes et information quantique"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Inria, Paris, France","institution_ids":["https://openalex.org/I1326498283"]},{"raw_affiliation_string":"Cryptologie syme\u0301trique, cryptologie fonde\u0301e sur les codes et information quantique","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5077352004","display_name":"L\u00e9o Perrin","orcid":"https://orcid.org/0000-0002-4722-7005"},"institutions":[{"id":"https://openalex.org/I1326498283","display_name":"Institut national de recherche en sciences et technologies du num\u00e9rique","ror":"https://ror.org/02kvxyf05","country_code":"FR","type":"government","lineage":["https://openalex.org/I1326498283"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"L\u00e9o Perrin","raw_affiliation_strings":["Inria, Paris, France","Cryptologie syme\u0301trique, cryptologie fonde\u0301e sur les codes et information quantique"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Inria, Paris, 
France","institution_ids":["https://openalex.org/I1326498283"]},{"raw_affiliation_string":"Cryptologie syme\u0301trique, cryptologie fonde\u0301e sur les codes et information quantique","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.4972,"has_fulltext":true,"cited_by_count":18,"citation_normalized_percentile":{"value":0.90823311,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"120","last_page":"144"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11130","display_name":"Coding theory and cryptography","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11017","display_name":"Chaos-based Image/Signal 
Encryption","score":0.9952999949455261,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cryptographic-nonce","display_name":"Cryptographic nonce","score":0.832085132598877},{"id":"https://openalex.org/keywords/cryptanalysis","display_name":"Cryptanalysis","score":0.6430891752243042},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.563208818435669},{"id":"https://openalex.org/keywords/higher-order-differential-cryptanalysis","display_name":"Higher-order differential cryptanalysis","score":0.5505124926567078},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.5112276077270508},{"id":"https://openalex.org/keywords/block-cipher","display_name":"Block cipher","score":0.44876572489738464},{"id":"https://openalex.org/keywords/authenticated-encryption","display_name":"Authenticated encryption","score":0.4286290109157562},{"id":"https://openalex.org/keywords/dimension","display_name":"Dimension (graph theory)","score":0.4196012616157532},{"id":"https://openalex.org/keywords/degree","display_name":"Degree (music)","score":0.4191644787788391},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4037654399871826},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.3998851180076599},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.38363659381866455},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.38146618008613586},{"id":"https://openalex.org/keywords/linear-cryptanalysis","display_name":"Linear 
cryptanalysis","score":0.2592051029205322},{"id":"https://openalex.org/keywords/combinatorics","display_name":"Combinatorics","score":0.1782573163509369}],"concepts":[{"id":"https://openalex.org/C9996903","wikidata":"https://www.wikidata.org/wiki/Q1749235","display_name":"Cryptographic nonce","level":3,"score":0.832085132598877},{"id":"https://openalex.org/C181149355","wikidata":"https://www.wikidata.org/wiki/Q897511","display_name":"Cryptanalysis","level":3,"score":0.6430891752243042},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.563208818435669},{"id":"https://openalex.org/C151607707","wikidata":"https://www.wikidata.org/wiki/Q11673206","display_name":"Higher-order differential cryptanalysis","level":5,"score":0.5505124926567078},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.5112276077270508},{"id":"https://openalex.org/C106544461","wikidata":"https://www.wikidata.org/wiki/Q543151","display_name":"Block cipher","level":3,"score":0.44876572489738464},{"id":"https://openalex.org/C128619300","wikidata":"https://www.wikidata.org/wiki/Q15263584","display_name":"Authenticated encryption","level":3,"score":0.4286290109157562},{"id":"https://openalex.org/C33676613","wikidata":"https://www.wikidata.org/wiki/Q13415176","display_name":"Dimension (graph theory)","level":2,"score":0.4196012616157532},{"id":"https://openalex.org/C2775997480","wikidata":"https://www.wikidata.org/wiki/Q586277","display_name":"Degree (music)","level":2,"score":0.4191644787788391},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4037654399871826},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer 
science","level":1,"score":0.3998851180076599},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.38363659381866455},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.38146618008613586},{"id":"https://openalex.org/C82424418","wikidata":"https://www.wikidata.org/wiki/Q1826463","display_name":"Linear cryptanalysis","level":4,"score":0.2592051029205322},{"id":"https://openalex.org/C114614502","wikidata":"https://www.wikidata.org/wiki/Q76592","display_name":"Combinatorics","level":1,"score":0.1782573163509369},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C24890656","wikidata":"https://www.wikidata.org/wiki/Q82811","display_name":"Acoustics","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.46586/tosc.v2022.i4.120-144","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tosc.v2022.i4.120-144","pdf_url":"https://tosc.iacr.org/index.php/ToSC/article/download/9974/9472","source":{"id":"https://openalex.org/S4210236173","display_name":"IACR Transactions on Symmetric Cryptology","issn_l":"2519-173X","issn":["2519-173X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Symmetric Cryptology","raw_type":"journal-article"},{"id":"pmh:oai:HAL:hal-03901680v1","is_oa":false,"landing_page_url":"https://inria.hal.science/hal-03901680","pdf_url":null,"source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication 
Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IACR Transactions on Symmetric Cryptology, 2022, pp.120-144. &#x27E8;10.46586/tosc.v2022.i4.120-144&#x27E9;","raw_type":"Journal articles"},{"id":"pmh:oai:doaj.org/article:674dd637a5e64de88af78944cec7205f","is_oa":true,"landing_page_url":"https://doaj.org/article/674dd637a5e64de88af78944cec7205f","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IACR Transactions on Symmetric Cryptology, Vol 2022, Iss 4 (2022)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.46586/tosc.v2022.i4.120-144","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tosc.v2022.i4.120-144","pdf_url":"https://tosc.iacr.org/index.php/ToSC/article/download/9974/9472","source":{"id":"https://openalex.org/S4210236173","display_name":"IACR Transactions on Symmetric 
Cryptology","issn_l":"2519-173X","issn":["2519-173X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Symmetric Cryptology","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.5600000023841858,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G2636060959","display_name":"Security Evaluation of Lightweight Encryption using new Cryptanalysis Techniques","funder_award_id":"ANR-20-CE48-0017","funder_id":"https://openalex.org/F4320320883","funder_display_name":"Agence Nationale de la Recherche"}],"funders":[{"id":"https://openalex.org/F4320320883","display_name":"Agence Nationale de la 
Recherche","ror":"https://ror.org/00rbzpz17"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4311596273.pdf","grobid_xml":"https://content.openalex.org/works/W4311596273.grobid-xml"},"referenced_works_count":14,"referenced_works":["https://openalex.org/W1503638523","https://openalex.org/W1605798759","https://openalex.org/W1656028867","https://openalex.org/W2160494425","https://openalex.org/W2185342914","https://openalex.org/W2562655613","https://openalex.org/W2604873466","https://openalex.org/W2613741682","https://openalex.org/W2810908956","https://openalex.org/W3148977311","https://openalex.org/W3215112825","https://openalex.org/W4206301673","https://openalex.org/W4241299894","https://openalex.org/W4242655995"],"related_works":["https://openalex.org/W2951181267","https://openalex.org/W2407726188","https://openalex.org/W3210000570","https://openalex.org/W4302854873","https://openalex.org/W3216230948","https://openalex.org/W1593404714","https://openalex.org/W4253338219","https://openalex.org/W2766321958","https://openalex.org/W2396343634","https://openalex.org/W3013793794"],"abstract_inverted_index":{"Ascon":[0,63,140],"is":[1,92,98,120],"a":[2,53,93,114,118,126,189,220,245,268,276],"sponge-based":[3],"Authenticated":[4],"Encryption":[5],"with":[6],"Associated":[7],"Data":[8],"that":[9,72,97,174,291],"was":[10],"selected":[11],"as":[12],"both":[13],"one":[14,23],"of":[15,18,24,27,45,85,100,129,138,150,158,166,182,191,241,279,282,288],"the":[16,19,25,28,43,58,65,78,83,102,130,134,139,151,164,179,183,202,207,236,253,280,283],"winners":[17],"CAESAR":[20],"competition":[21,36],"and":[22,197,210,258,285],"finalists":[26],"NIST":[29],"lightweight":[30],"cryptography":[31],"standardization":[32],"effort.":[33],"As":[34],"this":[35,46,73,89,167],"comes":[37],"to":[38,88,113,144,177,201,226,263,274],"an":[39,122],"end,":[40],"we":[41,170],"analyse":[42],"security":[44,79],"algorithm":[47],"against":[48,57,256],"cube":[
49,55,95,156],"attacks.":[50],"We":[51,68,204],"present":[52],"practical":[54,106],"attack":[56,74,96,209],"full":[59,103,208],"6-round":[60],"encryption":[61],"in":[62,64,105,133,148,235,252,267,286],"nonce-misuse":[66],"setting.":[67],"note":[69],"right":[70],"away":[71],"does":[75],"not":[76],"violate":[77],"claims":[80],"made":[81],"by":[82],"designers":[84],"Ascon,":[86,257],"due":[87],"setting.Our":[90],"cryptanalysis":[91,187],"conditional":[94],"capable":[99],"recovering":[101],"capacity":[104,152,237],"time;":[107],"but":[108],"for":[109],"Ascon-128,":[110],"its":[111,289],"extension":[112],"key":[115],"recovery":[116],"or":[117],"forgery":[119],"still":[121],"open":[123],"question.":[124],"First,":[125],"careful":[127],"analysis":[128],"maximum-degree":[131],"terms":[132],"algebraic":[135],"normal":[136],"form":[137,248],"permutation":[141],"allows":[142,224],"us":[143,176,225,262],"derive":[145],"linear":[146,233],"equations":[147,234],"half":[149,181],"bits":[153],"given":[154],"enough":[155],"sums":[157],"dimension":[159],"32.":[160],"Then,":[161],"depending":[162],"on":[163,219],"results":[165,216,266],"first":[168],"phase,":[169],"identify":[171,228],"smaller-degree":[172],"cubes":[173],"allow":[175],"recover":[178],"remaining":[180],"capacity.":[184],"Overall,":[185,271],"our":[186,211,214,259],"has":[188],"complexity":[190],"about":[192,198],"2^40":[193,199],"adaptatively":[194],"chosen":[195],"plaintexts,":[196],"calls":[200],"permutation.":[203],"have":[205,244],"implemented":[206],"experiments":[212],"confirm":[213],"claims.Our":[215],"are":[217],"built":[218],"theoretical":[221],"framework":[222],"which":[223],"easily":[227],"monomials":[229,243],"whose":[230],"cube-sums":[231],"provide":[232],"bits.":[238],"The":[239],"coefficients":[240],"these":[242],"more":[246],"general":[247],"than":[249],"those":[250],"used":[251],"previous":[254,265],"attacks":[255],"method":[260],"enables":[261,273],"re-frame":[264],"simpler":[269],"form.":[270],"it":[27
2],"gain":[275],"deeper":[277],"understanding":[278],"properties":[281],"permutation,":[284],"particular":[287],"S-box,":[290],"make":[292],"such":[293],"state-recoveries":[294],"possible.":[295]},"counts_by_year":[{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}
