Ascon

A Family of Authenticated Encryption Algorithms

Ascon is a family of authenticated encryption algorithms, currently participating in Round 3 of the CAESAR competition. The Ascon family was designed to be lightweight and easy to implement, even with added countermeasures against side-channel attacks.

Features

  • Sponge-based mode of operation with custom-tailored SPN permutation
  • Provably secure mode with keyed finalization
  • Easy to implement in software and hardware
  • Lightweight for constrained devices: small state, simple permutation, robust mode
  • Fast in hardware
  • Fast in software: Pipelinable, bit-sliced 5-bit S-box for 64-bit architectures
  • Scalable for more conservative security or higher throughput
  • Timing resistance: No table look-ups or additions
  • Side-channel resistance: S-box optimized for countermeasures
  • Key size = tag size = security level (128 bits recommended)
  • Minimal overhead (ciphertext length = plaintext length)
  • Single-pass, online (encryption and decryption), nonce-based, inverse-free
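To make the "bit-sliced 5-bit S-box" and "no table look-ups" features concrete, here is an added example (not code from this page or from the Ascon team). It applies the S-box to 64 columns at once using the Boolean instruction sequence from the Ascon specification, which this page does not reproduce. The function names and the lane-packing helper are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Ascon's 5-bit S-box applied to 64 columns at once. Word x[i] holds bit i
   (x[0] = most significant) of all 64 S-box inputs. Only XOR, AND and NOT
   are used, so there is no secret-dependent table index, branch or carry. */
void ascon_sbox_bitsliced(uint64_t x[5]) {
    uint64_t t0, t1, t2, t3, t4;
    x[0] ^= x[4]; x[4] ^= x[3]; x[2] ^= x[1];
    t0 = ~x[0] & x[1]; t1 = ~x[1] & x[2]; t2 = ~x[2] & x[3];
    t3 = ~x[3] & x[4]; t4 = ~x[4] & x[0];
    x[0] ^= t1; x[1] ^= t2; x[2] ^= t3; x[3] ^= t4; x[4] ^= t0;
    x[1] ^= x[0]; x[0] ^= x[4]; x[3] ^= x[2]; x[2] = ~x[2];
}

/* Hypothetical helper: load constructed inputs so that lane l carries the
   5-bit value (l mod 32), run ONE bit-sliced call over all 64 lanes, and
   return the 5-bit output found in the requested lane. */
uint8_t sbox_lane(int lane) {
    uint64_t x[5] = {0};
    uint8_t out = 0;
    for (int i = 0; i < 5; i++)
        for (int l = 0; l < 64; l++)
            x[i] |= (uint64_t)(((l & 0x1f) >> (4 - i)) & 1) << l;
    ascon_sbox_bitsliced(x);
    for (int i = 0; i < 5; i++)
        out = (uint8_t)((out << 1) | ((x[i] >> lane) & 1));
    return out;
}

/* Returns 1 if the 32 outputs are all distinct, i.e. the S-box is a
   permutation of the 5-bit values. */
int sbox_is_permutation(void) {
    uint32_t seen = 0;
    for (int v = 0; v < 32; v++)
        seen |= 1u << sbox_lane(v);
    return seen == 0xffffffffu;
}

int main(void) {
    for (int v = 0; v < 32; v++)
        printf("%02x%c", sbox_lane(v), (v % 8 == 7) ? '\n' : ' ');
    printf("permutation: %d\n", sbox_is_permutation());
    return 0;
}
```

In the full permutation the five 64-bit state words play the role of `x[0]`..`x[4]`, so one call to the S-box layer substitutes every column of the state.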

Ascon was designed by a team of cryptographers from Graz University of Technology:
Christoph Dobraunig, Maria Eichlseder, Florian Mendel and Martin Schläffer.
The work has been supported in part by the Austrian Science Fund (FWF P26494-N15) and by the Austrian Government through the research projects SePAG (FIT-IT 835919) and SeCoS (FFG/SFG 836628).
