Description, Implementation and Performance/Security Analysis of ASCON128

Abstract

The aim of the report is to introduce detailed description of the functioning of and to provide an efficient implementation (using bit-sliced implementation of S-Box) in C of encryption, decryption and authentication of the lightweight authenticated encryption algorithm ASCON 128 (sponge based SPN network based on Keccak like operations) as per the v 1.2 submitted to NIST. This is achieved using a sponge construction by setting up initialization state and performing 12 rounds of permutations, XORing consecutively the plaintext blocks (encryption) or ciphertext blocks (decryption) with first 64 bits of the state (after 6 rounds of sponge permutations) and after all consecutive operations on ciphertext/plaintext blocks, XORing the last 128 bits of the resultant state with the secret Key (after 12 rounds of final permutation operations) to produce/re-create the tag. Discussions on Key Features, Performance Analysis (comparison of ASCON 128 v/s AES 128 in GCM mode on our own PC), Performance Comparisons with other NIST lightweight cryptography contest finalists on ARM Cortex M3, and discussions on the Security Analysis (side channel attacks: fault injection and power analysis) of ASCON are included in this report.