Improved Differential and Linear Trail Bounds for ASCON

Ascon is a family of cryptographic primitives for authenticated encryption and hashing introduced in 2015. It selected as one the ten finalists NIST Lightweight Cryptography competition. Since its introduction, has been extensively cryptanalyzed, results these analyses can indicate good resistance this against known attacks, like differential linear cryptanalysis.Proving upper bounds probability trails squared correlation standard requirement to evaluate security primitives. be done analytically some AES. For other primitives, computer assistance required prove strong trails. Computer-aided tools classified into two categories: based on general-purpose solvers dedicated tools. General-purpose such SAT MILP are widely used bounds, however they seem have lower capabilities thus yield less powerful compared tools.In work, we present tool trail search Ascon. We arrange 2-round tree traverse an efficient way using number new techniques introduce. Then extend more rounds, where also use traversal technique do it efficiently. This allows us scan much larger spaces faster than previous methods solvers. As result, tight 3-rounds trails, both improve existing rounds. In particular, first time, beyond 2−128 6 rounds 2−256 12