A Family of Authenticated Encryption Algorithms

Ascon is a family of authenticated encryption algorithms and a finalist of the CAESAR competition. The Ascon family was designed to be lightweight and easy to implement, even with added countermeasures against side-channel attacks.


  • Sponge-based mode of operation with custom-tailored SPN permutation
  • Provably secure mode with keyed finalization for additional robustness
  • Easy to implement in software and hardware
  • Lightweight for constrained devices: small state, simple permutation, robust mode
  • Fast in hardware
  • Fast in software: Pipelinable, bit-sliced 5-bit S-box for 64-bit architectures
  • Scalable for more conservative security or higher throughput
  • Timing resistance: No table look-ups or additions
  • Side-channel resistance: S-box optimized for countermeasures
  • Key size = tag size = security level (128 bits recommended)
  • Minimal overhead (ciphertext length = plaintext length)
  • Single-pass, online (encryption and decryption), nonce-based, inverse-free

Ascon was designed by a team of cryptographers from Graz University of Technology and Infineon Technologies:

Christoph Dobraunig, Maria Eichlseder, Florian Mendel and Martin Schläffer.

The work has been supported in part by the Austrian Science Fund (FWF): P26494-N15 and J4277-N38, by the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644052, and by the Austrian Government through the research projects SePAG (FIT-IT 835919) and SeCoS (FFG/SFG 836628).

logo tu graz         logo infineon

logo radboud