Laboratoire IMATH

Titre :
Some Observations About the Ascon and Keccak S-box and Potential Applications in Cryptanalysis

Résumé :
We study THREE types of “weakness” in Ascon and Keccak [and symmetric cryptography at large] : 1) rotation symmetries and theory of Chi, 2) translation symmetries and 3) linearization properties. We study some powerful (maximum strength) linearization properties related to Differential-Linear Attacks and related to the concept of “second” or “vectorial” non-linearity in cryptographic substitution boxes (S-boxes). In particular we show some results and theorems about holographic or translation symmetries in all quadratic S-boxes where one linearization property can be transformed into another linearization property of the same size. In general we focus on the study “global” and maximum size or maximum strength linear and differential approximations of the whole S-box, hence for all outputs simultaneously, inside a variety of symmetric encryption primitives. We study how that all cryptographic S-boxes without exception, are always to some degree “linearized”, or approximated by various linear functions for all outputs simultaneously. Likewise, all S-boxes are always to some degree “semi-transparent” w.r.t. differentials. We use an Information theoretic tool : the DMI to study and classify cryptographic permutations. For example, we show that there exist permutations with DMI lower than in AES inverse S-box, or that there exist APNs with DMI lower than 1.0, while many constructions known in the literature achieve very poor results with DMI>1.5. We recommend to check out our preprint : https://eprint.iacr.org/2024/802.pdf . Some slides presented in Madrid in May 2025 : https://permutationbasedcrypto.org/2025/files/Nicolas_Courtois.pdf