Lightweight cryptography for use in low-capacity computers: ASCON
Author
Dahl, Laurits Gorm
Term
4th term
Education
Publication year
2024
Submitted on
2024-06-03
Pages
82
Abstract
This thesis examines lightweight cryptography with a focus on the AEAD cipher Ascon. Lightweight cryptography refers to methods designed for devices with limited resources, such as small memory, low processing power, or tight energy budgets. The thesis first introduces core cryptographic ideas and cryptanalysis—the study of how to test and assess security—including common attack types. It then reviews the key design goals and constraints of lightweight cryptography. The main part explores AEAD Ascon, which combines encryption with integrity protection for both data and associated metadata (Associated Data). It describes Ascon’s encryption schemes, stages, permutation process, and security properties, and compares Ascon-128 with AES-128-GCM. The work also surveys cryptanalytic techniques such as linear, differential, and differential-linear cryptanalysis. It discusses confidentiality and authenticity, particularly in scenarios involving state recovery (when an attacker can reconstruct parts of the internal state). Within Ascon’s nonce-respecting setting (nonces are not reused with the same key), the thesis highlights the necessity of its key blinding technique to preserve authenticity. The thesis concludes with an experimental analysis of how random Ascon’s permutations appear.
[This summary has been rewritten with the help of AI based on the project's original abstract]
Keywords
ASCON; lightweight; cryptography