Ascon

Authenticated Encryption and Hashing

Ascon is a family of authenticated encryption and hashing algorithms designed to be lightweight and easy to implement, even with added countermeasures against side-channel attacks. Ascon has been selected as the primary choice for lightweight authenticated encryption in the final portfolio of the CAESAR competition (2014–2019) and is currently competing in the NIST Lightweight Cryptography competition (2019–).

Features

  • Authenticated encryption and hashing (fixed or variable output length) with a single lightweight permutation
  • Sponge-based modes of operation with a custom-tailored SPN permutation
  • Provably secure mode with keyed finalization for additional robustness
  • Easy to implement in software and hardware
  • Lightweight for constrained devices: small state, simple permutation, robust mode
  • Fast in hardware
  • Fast in software: Pipelinable, bit-sliced 5-bit S-box for 64-bit architectures
  • Scalable for more conservative security or higher throughput
  • Timing resistance: No table look-ups or additions
  • Side-channel resistance: S-box optimized for countermeasures
  • Key size = tag size = security level (128 bits recommended)
  • Minimal overhead (ciphertext length = plaintext length)
  • Single-pass, online (encryption and decryption), nonce-based, inverse-free
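The "bit-sliced 5-bit S-box" and "no table look-ups" features above can be checked directly. The following is an added example, not code from this page or from the Ascon team: it evaluates 64 S-boxes at once with only XOR, AND and NOT, then compares every result against the lookup table. The table and the instruction sequence follow the published Ascon specification; the function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* Ascon 5-bit S-box as a lookup table (x0 is the most significant bit).
   Used here only as the reference: indexing memory with secret data is
   exactly what the bit-sliced form avoids. */
static const uint8_t SBOX[32] = {
    0x04, 0x0b, 0x1f, 0x14, 0x1a, 0x15, 0x09, 0x02,
    0x1b, 0x05, 0x08, 0x12, 0x1d, 0x03, 0x06, 0x1c,
    0x1e, 0x13, 0x07, 0x0e, 0x00, 0x0d, 0x11, 0x18,
    0x10, 0x0c, 0x01, 0x19, 0x16, 0x0a, 0x0f, 0x17};

/* Bit-sliced S-box layer: bit j of x[0..4] forms the j-th 5-bit input,
   so 64 S-boxes are computed in parallel with no data-dependent
   branch, memory index or addition. */
static void sbox_bitsliced(uint64_t x[5]) {
    uint64_t t[5];
    x[0] ^= x[4]; x[4] ^= x[3]; x[2] ^= x[1];
    for (int i = 0; i < 5; i++) t[i] = ~x[i] & x[(i + 1) % 5];
    for (int i = 0; i < 5; i++) x[i] ^= t[(i + 1) % 5];
    x[1] ^= x[0]; x[0] ^= x[4]; x[3] ^= x[2]; x[2] = ~x[2];
}

/* Read the 5-bit value stored in column `col` of the five words. */
static unsigned get_column(const uint64_t x[5], int col) {
    unsigned v = 0;
    for (int i = 0; i < 5; i++) v = (v << 1) | (unsigned)((x[i] >> col) & 1);
    return v;
}

/* Constructed input: column c holds the value c % 32, so every possible
   S-box input appears twice. Returns the number of columns whose
   bit-sliced output differs from the table. */
int sbox_mismatches(void) {
    uint64_t x[5] = {0};
    int bad = 0;
    for (int c = 0; c < 64; c++)
        for (int i = 0; i < 5; i++)
            x[i] |= (uint64_t)(((c % 32) >> (4 - i)) & 1) << c;
    sbox_bitsliced(x);
    for (int c = 0; c < 64; c++)
        bad += get_column(x, c) != SBOX[c % 32];
    return bad;
}

int main(void) {
    int bad = sbox_mismatches();
    printf("mismatching columns: %d\n", bad);
    return bad != 0;
}
```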

Ascon was designed by a team of cryptographers from Graz University of Technology, Infineon Technologies, and Radboud University:

Christoph Dobraunig, Maria Eichlseder, Florian Mendel and Martin Schläffer.
