Ascon is a family of authenticated encryption and hashing algorithms designed to be lightweight and easy to implement, even with added countermeasures against side-channel attacks. Ascon has been selected as the primary choice for lightweight authenticated encryption in the final portfolio of the CAESAR competition (2014–2019) and is currently competing as a finalist in the NIST Lightweight Cryptography competition (2019–).
Features
- Authenticated encryption and hashing (fixed or variable output length) with a single lightweight permutation
- Sponge-based modes of operation with a custom-tailored SPN permutation
- Provably secure mode with keyed finalization for additional robustness
- Easy to implement in software and hardware
- Lightweight for constrained devices: small state, simple permutation, robust mode
- Fast in hardware
- Fast in software: Pipelinable, bit-sliced 5-bit S-box for 64-bit architectures
- Scalable for more conservative security or higher throughput
- Timing resistance: No table look-ups or additions
- Side-channel resistance: S-box optimized for countermeasures
- Key size = tag size = security level (128 bits recommended)
- Minimal overhead (ciphertext length = plaintext length)
- Single-pass, online (encryption and decryption), nonce-based, inverse-free
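The bit-sliced S-box and the absence of table look-ups and additions named in the feature list can be seen in a few lines of C. This is an added example, not code from this page or from the Ascon designers: `ascon_sbox_layer` follows the S-box instruction sequence given in the Ascon specification, while the helper names and the constructed column inputs are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Ascon substitution layer, bit-sliced: bit j of x[0..4] is one 5-bit S-box
 * input (x[0] holds the most significant bit), so one call evaluates 64
 * S-boxes. Only XOR, AND and NOT are used: no table look-ups, no additions,
 * and no branch or memory address that depends on the state. */
static void ascon_sbox_layer(uint64_t x[5]) {
    uint64_t t[5];
    x[0] ^= x[4]; x[4] ^= x[3]; x[2] ^= x[1];
    for (int i = 0; i < 5; i++) t[i] = ~x[i] & x[(i + 1) % 5];
    for (int i = 0; i < 5; i++) x[i] ^= t[(i + 1) % 5];
    x[1] ^= x[0]; x[0] ^= x[4]; x[3] ^= x[2]; x[2] = ~x[2];
}

/* Read the 5-bit value stored in column j of the state (test helper). */
static unsigned column(const uint64_t x[5], int j) {
    unsigned v = 0;
    for (int i = 0; i < 5; i++) v = (v << 1) | (unsigned)((x[i] >> j) & 1);
    return v;
}

/* Constructed input: column j holds the value j mod 32, so one call to the
 * layer yields the whole S-box table twice (columns 0-31 and 32-63). */
static void sbox_all_columns(unsigned out[64]) {
    uint64_t x[5] = {0};
    for (int j = 0; j < 64; j++)
        for (int i = 0; i < 5; i++)
            x[i] |= (uint64_t)(((unsigned)j >> (4 - i)) & 1) << j;
    ascon_sbox_layer(x);
    for (int j = 0; j < 64; j++) out[j] = column(x, j);
}

/* Returns 1 if the 32 distinct inputs map to 32 distinct outputs. */
static int sbox_is_bijective(void) {
    unsigned out[64];
    uint32_t seen = 0;
    sbox_all_columns(out);
    for (int j = 0; j < 32; j++) seen |= (uint32_t)1 << out[j];
    return seen == 0xFFFFFFFFu;
}

int main(void) {
    unsigned out[64];
    sbox_all_columns(out);
    for (int j = 0; j < 32; j++) printf("%02x%c", out[j], j % 16 == 15 ? '\n' : ' ');
    printf("bijective: %d\n", sbox_is_bijective());
    return 0;
}
```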
Ascon was designed by a team of cryptographers from Graz University of Technology, Infineon Technologies, Lamarr Security Research, and Radboud University: Christoph Dobraunig, Maria Eichlseder, Florian Mendel and Martin Schläffer.