ASCON Suite
ASCON Suite Documentation

This repository builds a number of useful cryptographic primitives around the ASCON permutation.

The idea is that if you want to use ASCON in an embedded application, you copy the suite and the backend of your choice to your platform, and you get pretty much everything you need for symmetric encryption using ASCON.

One of the key goals for this suite is to keep the code size relatively small on embedded platforms while also providing good performance.

The suite has a number of permutation backends for different CPU configurations, which are detailed on the Porting the ASCON Permutation page.

When porting to a new microcontroller, you will probably also need to provide a TRNG backend to access the random number generator on your CPU.

Patches are welcome to provide new permutation and TRNG backends.

Building

ASCON Suite uses cmake to build, so you will need to have that installed. Here is the simplest method to compile, test, and install the library:

mkdir build
cd build
cmake ..
make
make test
sudo make install

To build with a cross-compiler, set the CC and CMAKE_C_FLAGS variables when invoking cmake:

mkdir build
cd build
CC="avr-gcc" cmake -DMINIMAL=ON -DCMAKE_C_FLAGS="-mmcu=atmega2560" ..
make

Note carefully the placement: environment variables such as CC go before the "cmake" command name, and cmake variables are passed with "-D" after it.

The MINIMAL option suppresses the compilation of shared libraries, examples, and test programs, which may not compile for embedded microcontrollers due to missing libc functions or other platform constraints. Only the static library libascon_static.a is built in the minimal configuration.

Standards

The core ASCON implementation is based on version 1.2 from the final round submission to the NIST lightweight cryptography competition. The following ASCON primitives are provided:

  • ASCON-128 authenticated encryption algorithm with a 128-bit key.
  • ASCON-128a authenticated encryption algorithm with a 128-bit key.
  • ASCON-80pq authenticated encryption algorithm with a 160-bit key.
  • ASCON-HASH and ASCON-HASHA hash algorithms with a 256-bit output.
  • ASCON-XOF and ASCON-XOFA extendable output functions (XOF) with an arbitrary-length output.
  • ASCON-Prf and ASCON-PrfShort pseudorandom functions.
  • ASCON-Mac message authentication code.
  • Direct access to the ASCON permutation itself to build custom application modes.

We also provide incremental versions of ASCON-128, ASCON-128a, and ASCON-80pq for encrypting and decrypting extremely large amounts of data in chunks.
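The list above says that the permutation itself is exposed so that custom modes can be built on it, and that ASCON-HASH is one of the provided primitives. The following is an added example, not code from the ASCON Suite and not its API: a portable C implementation of the Ascon v1.2 permutation and of ASCON-HASH built on top of it, written to show what a backend has to implement and how a sponge mode drives it. The function names (ascon_permute, ascon_hash, to_hex) are my own; the suite's real entry points are documented in its API reference.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not the ASCON Suite's own code): ASCON permutation and
 * ASCON-HASH from the Ascon v1.2 specification. Names are this example's own. */

static uint64_t ror64(uint64_t x, unsigned n)
{
    return (x >> n) | (x << (64 - n));
}

/* Round constants for p^12; p^8 and p^6 use the last 8 and 6 entries. */
static const uint8_t ascon_rc[12] = {
    0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87, 0x78, 0x69, 0x5a, 0x4b
};

/* One round of the permutation on the 320-bit state s[0..4]. */
static void ascon_round(uint64_t s[5], uint8_t c)
{
    uint64_t x0 = s[0], x1 = s[1], x2 = s[2], x3 = s[3], x4 = s[4];
    uint64_t t0, t1, t2, t3, t4;

    x2 ^= c;                                    /* constant addition */

    x0 ^= x4; x4 ^= x3; x2 ^= x1;               /* bitsliced 5-bit S-box */
    t0 = ~x0 & x1; t1 = ~x1 & x2; t2 = ~x2 & x3;
    t3 = ~x3 & x4; t4 = ~x4 & x0;
    x0 ^= t1; x1 ^= t2; x2 ^= t3; x3 ^= t4; x4 ^= t0;
    x1 ^= x0; x0 ^= x4; x3 ^= x2; x2 = ~x2;

    x0 ^= ror64(x0, 19) ^ ror64(x0, 28);        /* linear diffusion layer */
    x1 ^= ror64(x1, 61) ^ ror64(x1, 39);
    x2 ^= ror64(x2, 1)  ^ ror64(x2, 6);
    x3 ^= ror64(x3, 10) ^ ror64(x3, 17);
    x4 ^= ror64(x4, 7)  ^ ror64(x4, 41);

    s[0] = x0; s[1] = x1; s[2] = x2; s[3] = x3; s[4] = x4;
}

/* Apply p^rounds to the state (rounds = 12, 8 or 6). */
void ascon_permute(uint64_t s[5], unsigned rounds)
{
    for (unsigned i = 12 - rounds; i < 12; ++i)
        ascon_round(s, ascon_rc[i]);
}

/* ASCON is specified big-endian: the first byte is the most significant. */
static uint64_t load64_be(const uint8_t *p)
{
    uint64_t x = 0;
    for (int i = 0; i < 8; ++i) x = (x << 8) | p[i];
    return x;
}

static void store64_be(uint8_t *p, uint64_t x)
{
    for (int i = 7; i >= 0; --i) { p[i] = (uint8_t)x; x >>= 8; }
}

/* ASCON-HASH: 64-bit rate, p^12 throughout, 256-bit digest. */
#define ASCON_HASH_IV 0x00400c0000000100ULL

void ascon_hash(uint8_t out[32], const uint8_t *msg, size_t len)
{
    uint64_t s[5] = { ASCON_HASH_IV, 0, 0, 0, 0 };
    uint8_t block[8];

    ascon_permute(s, 12);                       /* initialisation */
    while (len >= 8) {                          /* absorb full blocks */
        s[0] ^= load64_be(msg);
        ascon_permute(s, 12);
        msg += 8; len -= 8;
    }
    memset(block, 0, sizeof block);             /* pad: a 1 bit, then zeros */
    memcpy(block, msg, len);
    block[len] = 0x80;
    s[0] ^= load64_be(block);
    for (int i = 0; i < 4; ++i) {               /* squeeze four rate blocks */
        ascon_permute(s, 12);
        store64_be(out + 8 * i, s[0]);
    }
}

void to_hex(char *hex, const uint8_t *data, size_t len)
{
    static const char digits[] = "0123456789abcdef";
    for (size_t i = 0; i < len; ++i) {
        hex[2 * i] = digits[data[i] >> 4];
        hex[2 * i + 1] = digits[data[i] & 15];
    }
    hex[2 * len] = '\0';
}

int main(void)
{
    uint8_t d[32]; char hex[65];
    ascon_hash(d, (const uint8_t *)"", 0);
    to_hex(hex, d, 32);
    /* Published Ascon-Hash v1.2 test vector for the empty message:
     * 7346bc14f036e87ae03d0997913088f5f68411434b3cf8b54fa796a80d251f91 */
    printf("ASCON-HASH(\"\") = %s\n", hex);
    return 0;
}
```

Compile with any C99 compiler and compare the printed digest against the published Ascon-Hash v1.2 test vector for the empty message. A platform backend of the kind described on the porting page replaces ascon_permute with an assembly or SIMD version; everything above it (padding, absorb, squeeze) stays the same, which is why checking a new backend against the hash test vectors is a cheap way to catch a wrong rotation amount or round-constant order.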

Extensions

The following higher-level extensions are provided:

  • ASCON-128-SIV, ASCON-128a-SIV, and ASCON-80pq-SIV variants that provide Synthetic Initialization Vector (SIV) encryption modes. See the SIV page for more information.
  • ISAP-A-128, ISAP-A-128A, and ISAP-A-80PQ modes for enhanced protection against side channel leakage.
  • Customizable hashing with ASCON-cXOF. See this page for more information on ASCON-cXOF.
  • KMAC modes for keyed hashing built around ASCON-cXOF. See the KMAC page for more information on ASCON-KMAC.
  • HMAC modes for keyed hashing built around ASCON-HASH.
  • ASCON-PRNG for generating an arbitrary sequence of random data from system-supplied and application-supplied seed material. This is based on ASCON-XOF and uses the SpongePRNG construction. See the PRNG page for more information.
  • HKDF and PBKDF2 modes built around the ASCON HMAC mode.

Other than ISAP-A-128 and ISAP-A-128A, these extensions have not yet been standardised by a public standards body, but I did try to follow general practice when creating such modes. See the individual pages for the design choices that I made. Feedback welcome.

History

The functionality in this library was originally prototyped in the LWC Finalists repository. This repository extracts and expands the ASCON-specific parts of the original repository.

Contact

For more information on these libraries, to report bugs, or to suggest improvements, please contact the author Rhys Weatherley via email.