Abstract. In this presentation, we will discuss the required and desired properties of Ascon for an efficient multi-party threshold implementation. We will also evaluate how well our work meets these criteria. Our focus will be on the Ascon-AEAD128 authenticated encryption and decryption scheme. Due to their nearly identical construction, our observations also apply to Ascon-Hash256 and Ascon-[C]XOF128. We focus on ensuring security against active adversaries corrupting up to one-third of the participating parties. Currently, our work focuses on the online part of the protocol and communication costs in bits. To this end, we rely heavily on packing to align a multi-party evaluation more closely with Ascon's hardware-oriented design. For this, we will explore the Reverse Multiplication-Friendly Embeddings packing mechanism introduced by Cascudo et al. in 2018.
Joint work: Aysajan Abidin, Erik Pohle, Bart Preneel, Peter Schwarz
[Slides] Suggested reading: Evaluating Ascon in Secure Multi-Party Computation using Reverse Multiplication-Friendly Embeddings (ia.cr/2025/1538)
Presented at MPTS 2026: NIST Workshop on Multi-Party Threshold Schemes
Starts: January 26, 2026
Security and Privacy: cryptography