June 22, 2023
Cihangir Tezcan - METU Department of Cyber Security
Experimental results on the differential-linear distinguishers of Ascon show that these distinguishers have better bias in practice compared to the theoretical calculations. This difference suggests that in practice a distinguisher with a worse theoretical bias might be better than the best distinguisher. By using the parallel computing power of GPUs, we observed that better distinguishers can be obtained experimentally in practice which cannot be obtained theoretically by known methods. We obtained the best known 5-round differential-linear distinguishers for the permutation of Ascon experimentally, some of which can be turned into related-key attacks.
Lightweight Cryptography Workshop 2023 [Virtual]