A comprehensive survey on the implementations, attacks, and countermeasures of the current NIST lightweight cryptography standard

J Kaur, AC Canto, MM Kermani… - arxiv preprint arxiv …, 2023 - arxiv.org
This survey is the first work on the current standard for lightweight cryptography,
standardized in 2023. Lightweight cryptography plays a vital role in securing resource …

A review of the nist lightweight cryptography finalists and their fault analyses

H Madushan, I Salam, J Alawatugoda - Electronics, 2022 - mdpi.com
The security of resource-constrained devices is critical in the IoT field, given that everything
is interconnected. Therefore, the National Institute of Standards and Technology (NIST) …

Exploring differential-based distinguishers and forgeries for ASCON

D Gérault, T Peyrin, QQ Tan - Cryptology ePrint Archive, 2021 - eprint.iacr.org
Automated methods have become crucial components when searching for distinguishers
against symmetric-key cryptographic primitives. While MILP and SAT solvers are among the …

Revisiting higher-order differential-linear attacks from an algebraic perspective

K Hu, T Peyrin, QQ Tan, T Yap - … Conference on the Theory and Application …, 2023 - Springer
Abstract The Higher-order Differential-Linear (HDL) attack was introduced by Biham et al. at
FSE 2005, where a linear approximation was appended to a Higher-order Differential (HD) …

Practical cube attack against nonce-misused Ascon

J Baudrin, A Canteaut, L Perrin - IACR Transactions on Symmetric …, 2022 - tosc.iacr.org
Ascon is a sponge-based Authenticated Encryption with Associated Data that was selected
as both one of the winners of the CAESAR competition and one of the finalists of the NIST …

Committing Security of Ascon: Cryptanalysis on Primitive and Proof on Mode

Y Naito, Y Sasaki, T Sugawara - IACR Transactions on Symmetric …, 2023 - tosc.iacr.org
Context-committing security of authenticated encryption (AE) that prevents ciphertexts from
being decrypted with distinct decryption contexts,(K, N, A) comprising a key K, a nonce N …

Reconstructing s-boxes from cryptographic tables with MILP

R Rohit, S Sarkar - IACR Transactions on Symmetric …, 2024 - ojs.ub.ruhr-uni-bochum.de
Reconstructing an S-box from a cryptographic table such as difference distribution table
(DDT), linear approximation table (LAT), differential-linear connectivity table (DLCT) or …

Towards tight differential bounds of Ascon: a hybrid usage of SMT and MILP

RH Makarim, R Rohit - IACR Transactions on Symmetric Cryptology, 2022 - tosc.iacr.org
Being one of the winners of the CAESAR competition and a finalist of the ongoing NIST
lightweight cryptography competition, the authenticated encryption with associated data …

[BOOK][B] Status report on the final round of the NIST lightweight cryptography standardization process

MS Turan, MS Turan, K McKay, D Chang, LE Bassham… - 2023 - nvlpubs.nist.gov
Abstract The National Institute of Standards and Technology (NIST) initiated a public
standardization process to select one or more schemes that provide Authenticated …

Massive Superpoly Recovery with a Meet-in-the-Middle Framework: Improved Cube Attacks on Trivium and Kreyvium

J He, K Hu, H Lei, M Wang - … International Conference on the Theory and …, 2024 - Springer
The cube attack extracts the information of secret key bits by recovering the coefficient called
superpoly in the output bit with respect to a subset of plaintexts/IV, which is called a cube …