A Family of Authenticated Encryption Algorithms

Ascon is a new family of authenticated encryption algorithms, submitted to the CAESAR competition for authenticated ciphers. The Ascon family was designed to be lightweight and easy to implement, even with added countermeasures against side-channel attacks.


  • Sponge-based mode of operation with custom-tailored SPN permutation
  • Provably secure mode with keyed finalization
  • Easy to implement in software and hardware
  • Key size = tag size = security level (128 bits recommended)
  • Minimal overhead (ciphertext length = plaintext length)
  • Lightweight for constrained devices: small state, simple permutation
  • Fast in hardware
  • Fast in software: Pipelinable, bit-sliced 5-bit S-box for 64-bit architectures
  • Scalable for more conservative security or higher throughput
  • Timing resistance: No table look-ups or additions
  • Side-channel resistance: S-box optimized for countermeasures
  • Single-pass, online (encryption and decryption), nonce-based, inverse-free

Ascon was designed by a team of cryptographers from Graz University of Technology:
Christoph Dobraunig, Maria Eichlseder, Florian Mendel and Martin Schläffer.
The work has been supported in part by the Austrian Science Fund (FWF P26494-N15) and by the Austrian Government through the research projects SePAG (FIT-IT 835919) and SeCoS (FFG/SFG 836628).

logo tu graz