Naming for nonce-masking Ascon AEAD.
12 views
Skip to first unread message
niux_d...@icloud.com
Sep 1, 2025, 1:24:48 AM (7 days ago) Sep 1
to lwc-...@list.nist.gov
Hi all!
I'm excited to announce that I've completed and tested an implementation of the Ascon algorithms specified in NIST-SP-800-232. The codes are pushed to https://github.com/dannyniu/MySuiteA
One thing I must query at here is that, how should I name the nonce-masking implementation option for the Ascon AEAD? As we know, the 256-bit key is actually 2 128-bit halves, one of which doesn't contribute the security the same way the other half does.
I'm naming my instance of implementation Ascon_AEAD256 for now, but unless it actually provide 256-bit security, I'm sure this isn't quite appropriate, except for the fact that the key size reported by the implementation instance is 256-bit.
What alternative names can I use on the algorithm? Ascon-AEAD128nm (where NM stand for nonce masking)?
Thanks.
DannyNiu/NJF.
McKay, Kerry A. (Fed)
Sep 5, 2025, 1:21:39 PM (2 days ago) Sep 5
to niux_d...@icloud.com, lwc-...@list.nist.gov
Dear Danny,
Thank you for your message.
If you are looking for a distinct name for your implementation of Ascon-AEAD128 with the nonce-masking option, Ascon-AEAD128nm is a reasonable choice. Using the name Ascon_AEAD256 can be misleading, as the supported security level is 128 bits (rather than 256).
Please let us know if you have any further questions.
Kind regards,
Kerry
--
To unsubscribe from this group, send email to lwc-forum+...@list.nist.gov
Visit this group at https://groups.google.com/a/list.nist.gov/d/forum/lwc-forum
To unsubscribe from this group, send email to lwc-forum+...@list.nist.gov
Visit this group at https://groups.google.com/a/list.nist.gov/d/forum/lwc-forum
Reply all
Reply to author
Forward
0 new messages