Cryptanalysis: theory versus practice correcting cryptanalysis results on Ascon, ChaCha, and Serpent using GPUs

Official URL: https://dx.doi.org/10.46586/tosc.v2025.i3.729-754

Most modern cryptanalysis results are obtained through theoretical analysis, often relying on simplifications and idealized assumptions. In this work, we use the parallel computational power of GPUs to experimentally verify a small portion of the cryptanalysis results that have been published in recent years. Our focus is on the ciphers Ascon, ChaCha, and Serpent. In none of the attacks we considered did the theoretical estimates fully match the actual practical values. More precisely, we show that the 4.5-round truncated differential with probability one, the 6-round differential-linear (DL), and the 6-round impossible differential distinguishers on Ascon, as well as the best known 7-and 7.5-round DL distinguisher on ChaCha, do not actually work in practice. Moreover, we demonstrate that the best known 10, 11, and 12-round DL attacks on Serpent perform better in practice than previously estimated. Additionally, we provide a new experimentally obtained 9-round DL distinguisher on Serpent, which can be used in 10 and 11-round attacks with reduced data complexity. In a broader sense, we recommend that cryptanalysts experimentally verify reduced versions of their theoretically obtained analysis results whenever possible. In order to simplify this process, we make our optimized code for the ciphers treated here available for future use.