A comprehensive survey on the implementations, attacks, and countermeasures of the current NIST lightweight cryptography standard
This survey is the first work on the current standard for lightweight cryptography,
standardized in 2023. Lightweight cryptography plays a vital role in securing resource …
standardized in 2023. Lightweight cryptography plays a vital role in securing resource …
A review of the nist lightweight cryptography finalists and their fault analyses
The security of resource-constrained devices is critical in the IoT field, given that everything
is interconnected. Therefore, the National Institute of Standards and Technology (NIST) …
is interconnected. Therefore, the National Institute of Standards and Technology (NIST) …
Exploring differential-based distinguishers and forgeries for ASCON
Automated methods have become crucial components when searching for distinguishers
against symmetric-key cryptographic primitives. While MILP and SAT solvers are among the …
against symmetric-key cryptographic primitives. While MILP and SAT solvers are among the …
Revisiting higher-order differential-linear attacks from an algebraic perspective
Abstract The Higher-order Differential-Linear (HDL) attack was introduced by Biham et al. at
FSE 2005, where a linear approximation was appended to a Higher-order Differential (HD) …
FSE 2005, where a linear approximation was appended to a Higher-order Differential (HD) …
Practical cube attack against nonce-misused Ascon
Ascon is a sponge-based Authenticated Encryption with Associated Data that was selected
as both one of the winners of the CAESAR competition and one of the finalists of the NIST …
as both one of the winners of the CAESAR competition and one of the finalists of the NIST …
Committing Security of Ascon: Cryptanalysis on Primitive and Proof on Mode
Context-committing security of authenticated encryption (AE) that prevents ciphertexts from
being decrypted with distinct decryption contexts,(K, N, A) comprising a key K, a nonce N …
being decrypted with distinct decryption contexts,(K, N, A) comprising a key K, a nonce N …
Reconstructing s-boxes from cryptographic tables with MILP
Reconstructing an S-box from a cryptographic table such as difference distribution table
(DDT), linear approximation table (LAT), differential-linear connectivity table (DLCT) or …
(DDT), linear approximation table (LAT), differential-linear connectivity table (DLCT) or …
Towards tight differential bounds of Ascon: a hybrid usage of SMT and MILP
Being one of the winners of the CAESAR competition and a finalist of the ongoing NIST
lightweight cryptography competition, the authenticated encryption with associated data …
lightweight cryptography competition, the authenticated encryption with associated data …
[BOOK][B] Status report on the final round of the NIST lightweight cryptography standardization process
Abstract The National Institute of Standards and Technology (NIST) initiated a public
standardization process to select one or more schemes that provide Authenticated …
standardization process to select one or more schemes that provide Authenticated …
Massive Superpoly Recovery with a Meet-in-the-Middle Framework: Improved Cube Attacks on Trivium and Kreyvium
The cube attack extracts the information of secret key bits by recovering the coefficient called
superpoly in the output bit with respect to a subset of plaintexts/IV, which is called a cube …
superpoly in the output bit with respect to a subset of plaintexts/IV, which is called a cube …