Ascon is a family of authenticated encryption algorithms, currently participating in Round 3 of the CAESAR competition. The Ascon family was designed to be lightweight and easy to implement, even with added countermeasures against side-channel attacks.
- Sponge-based mode of operation with custom-tailored SPN permutation
- Provably secure mode with keyed finalization
- Easy to implement in software and hardware
- Lightweight for constrained devices: small state, simple permutation, robust mode
- Fast in hardware
- Fast in software: Pipelinable, bit-sliced 5-bit S-box for 64-bit architectures
- Scalable for more conservative security or higher throughput
- Timing resistance: No table look-ups or additions
- Side-channel resistance: S-box optimized for countermeasures
- Key size = tag size = security level (128 bits recommended)
- Minimal overhead (ciphertext length = plaintext length)
- Single-pass, online (encryption and decryption), nonce-based, inverse-free
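
The bit-sliced, table-free S-box named in the feature list, shown as an added example (not code from this page or from the Ascon designers). The Boolean formula follows the public Ascon specification, which this page does not reproduce; the function names are chosen here for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Ascon substitution layer, bit-sliced: x[0..4] are the five 64-bit state
 * words, and bit j of each word forms one 5-bit column (x[0] holds the MSB).
 * Only XOR, AND and NOT are used: no table look-ups, no additions, so no
 * secret-dependent memory access or carry chain. One call = 64 S-boxes. */
static void ascon_sbox_layer(uint64_t x[5]) {
    uint64_t t[5];
    x[0] ^= x[4]; x[4] ^= x[3]; x[2] ^= x[1];            /* linear pre-mix  */
    for (int i = 0; i < 5; i++) t[i] = ~x[i] & x[(i + 1) % 5];
    for (int i = 0; i < 5; i++) x[i] ^= t[(i + 1) % 5];  /* chi-like step   */
    x[1] ^= x[0]; x[0] ^= x[4]; x[3] ^= x[2]; x[2] = ~x[2]; /* linear post-mix */
}

/* Put the 32 possible inputs into columns 0..31 (columns 32..63 stay zero),
 * run the layer once, and read the outputs back: out[v] = S(v). */
static void sbox_all_inputs(uint8_t out[32]) {
    uint64_t x[5] = {0};
    for (unsigned v = 0; v < 32; v++)
        for (int i = 0; i < 5; i++)
            x[i] |= (uint64_t)((v >> (4 - i)) & 1u) << v;
    ascon_sbox_layer(x);
    for (unsigned v = 0; v < 32; v++) {
        out[v] = 0;
        for (int i = 0; i < 5; i++)
            out[v] |= (uint8_t)(((x[i] >> v) & 1u) << (4 - i));
    }
}

/* Single 5-bit S-box value, derived from the bit-sliced layer. */
static uint8_t ascon_sbox(unsigned v) {
    uint8_t out[32];
    sbox_all_inputs(out);
    return out[v & 31u];
}

/* The S-box must be a bijection on 5-bit values: every output appears once. */
static int sbox_is_permutation(void) {
    uint8_t out[32];
    uint32_t seen = 0;
    sbox_all_inputs(out);
    for (int v = 0; v < 32; v++) seen |= (uint32_t)1 << out[v];
    return seen == 0xFFFFFFFFu;
}

int main(void) {
    uint8_t out[32];
    sbox_all_inputs(out);
    for (int v = 0; v < 32; v++) printf("%02x%c", out[v], (v % 8 == 7) ? '\n' : ' ');
    printf("permutation: %s\n", sbox_is_permutation() ? "yes" : "no");
    return 0;
}
```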

Ascon was designed by a team of cryptographers from Graz University of Technology: Christoph Dobraunig, Maria Eichlseder, Florian Mendel and Martin Schläffer.
The work has been supported in part by the Austrian Science Fund (FWF P26494-N15) and by the Austrian Government through the research projects SePAG (FIT-IT 835919) and SeCoS (FFG/SFG 836628).