Security Analysis of ASCON Cipher Under Persistent Faults: Official Work-in-Progress Paper

Abstract

This work investigates persistent fault analysis on ASCON cipher that has been recently standardized by NIST USA for lightweight cryptography applications. In persistent fault, the fault once injected through RowHammer injection techniques, exists in the system during the entire encryption phase. In this work, we propose a model to mount persistent fault analysis (PFA) on ASCON cipher. In the finalization round of the ASCON cipher, we identify that the fault-injected S-Box operation in the permutation round, p12, is vulnerable to leaking information about the secret key. A single instance of fault-injected S-Box out of 64 parallel S-Box invocations. The attack model demonstrates that any Sponge construction operating with authenticated encryption with associated data (AEAD) mode is vulnerable to persistent faults. In this work, we demonstrate the scenario of a single fault wherein the fault, once injected is persistent until the device is powered off. Using the proposed method, we successfully retrieve the 128-bit key in ASCON. Our experiments show that the minimum number and the maximum number of queries required are 63 plaintexts and 451 plaintexts, respectively. Moreover, we observe that the number of queries required to mount the attack depends on fault location in the S-box LUT as observed from the plots reporting the minimum number of queries and average number of queries for 100 key values. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.