Paper 2015/034

Suit up! Made-to-Measure Hardware Implementations of Ascon

Hannes Groß, Erich Wenger, Christoph Dobraunig, and Christoph Ehrenhöfer


Having ciphers that provide confidentiality and authenticity, that are fast in software and efficient in hardware, these are the goals of the CAESAR authenticated encryption competition. In this paper, the promising CAESAR candidate Ascon is implemented in hardware and optimized for different typical applications to fully explore Ascon's design space. Thus, we are able to present hardware implementations of Ascon suitable for RFID tags, Wireless Sensor Nodes, Embedded Systems, and applications that need maximum performance. For instance, we show that an Ascon implementation with a single unrolled round transformation is only 7 kGE large, but can process up to 5.5 Gbit/sec of data (0.75 cycles/byte), which is already enough to encrypt a Gigabit Ethernet connection. Besides, Ascon is not only fast and small, it can also be easily protected against DPA attacks. A threshold implementation of Ascon just requires about 8 kGE of chip area, which is only 3.1 times larger than the unprotected low-area optimized implementation.

Available format(s)
Publication info
Published elsewhere. 18th Euromicro Conference on Digital Systems Design (DSD 2015)
Authenticated encryptionCAESAR competitionhardware designthreshold implementationAscon
Contact author(s)
hannes gross @ iaik tugraz at
2015-06-16: revised
2015-01-15: received
See all versions
Short URL
Creative Commons Attribution


      author = {Hannes Groß and Erich Wenger and Christoph Dobraunig and Christoph Ehrenhöfer},
      title = {Suit up! Made-to-Measure Hardware Implementations of Ascon},
      howpublished = {Cryptology ePrint Archive, Paper 2015/034},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.