This is a collection of hardware and software implementations of Ascon. Reference implementations are included as submodules, while this file lists additional implementations in various languages.
Ascon is a family of authenticated encryption (AEAD) and hashing algorithms designed to be lightweight and easy to implement, even with added countermeasures against side-channel attacks. It was designed by a team of cryptographers from Graz University of Technology, Infineon Technologies, and Intel Labs: Christoph Dobraunig, Maria Eichlseder, Florian Mendel, and Martin Schläffer.
Ascon has been selected as the standard for lightweight cryptography in the NIST Lightweight Cryptography competition (2019–2023) and as the primary choice for lightweight authenticated encryption in the final portfolio of the CAESAR competition (2014–2019).
The Ascon family provides multiple different schemes; not all linked implementations implement all algorithms:
-
Authenticated encryption (
Ascon-128
,Ascon-128a
,Ascon-80pq
) -
Hashing algorithms including hash functions with fixed 256-bit tag size (
Ascon-Hash
,Ascon-Hasha
) and eXtendable Output Functions (XOFs) with variable output lengths (Ascon-Xof
,Ascon-Xofa
) -
Authentication algorithms including Message Authentication Codes (MACs) with fixed 128-bit tag size (
Ascon-Mac
,Ascon-Maca
) and PseudoRandom Functions (PRFs) with variable output lengths (Ascon-Prf
,Ascon-Prfa
), as well as a variant for short messages of up to 128 bits (Ascon-PrfShort
)
Find the specification of Ascon v1.2 as submitted to NIST LWC and more information here: https://ascon.iaik.tugraz.at/
Description | Code | Author | Comments and supported variants |
---|---|---|---|
⭐ C reference implementation | https://github.com/ascon/ascon-c | Ascon Team | Features both the reference implementation and optimized implementations (64-bit) of Ascon-128 and Ascon-128a. For a detailed overview of the performance of Ascon-128 and Ascon-128a on different CPUs see eBAEAD. |
C collection with benchmarks | https://lab.las3.de/gitlab/lwc/candidates/tree/master/ascon/Implementations | Rhys Weatherley et al. | Collection with implementations by multiple authors, including benchmarking results (AEAD and hash variants) |
C with Init-Update-Final interface | https://github.com/TheMatjaz/LibAscon | Matjaž Guštin | C11 library wrapping the reference C implementation (all AEAD and hash variants), including Init-Update-Final processing and variable tag length |
C/assembly optimized for 32-bit architectures (ESP32/Xtensa, RISC-V) | in LAS3 collection | Ferdinand Bachmann | C wrapper with assembly optimized for Tensilica Xtensa and 32-bit RISC-V (all AEAD and hash variants) |
C optimized for RISC-V | https://github.com/ulmer-a/lightweight_aead | Alexander Ulmer | RISC-V implementation of Ascon-128 and Ascon-128a |
Description | Code | Author | Comments and supported variants |
---|---|---|---|
⭐ Python reference implementation | https://github.com/meichlseder/pyascon | Ascon Team | Reference implementation of all AEAD and hash family members. Note: The pypi package is not maintained by us. |
Cython/Python | https://github.com/xHappenZ/cyascon | Oliver Popa | Python wrapper with C/Cython implementation (all AEAD and hash variants), with optional init-update-final interface. |
Java | https://github.com/ascon/javaascon | Hannes Groß | Java implementation of Ascon-128 and Ascon-128a. |
Java for JCE | - | SIC | IAIK-LW Provider for the Java Cryptography Extension (JCE). Links: commercial toolkit, free evaluation version |
Rust | https://github.com/RustCrypto/hashes/tree/master/ascon-hash, https://github.com/RustCrypto/AEADs/tree/master/ascon-aead | Sebastian Ramacher | Rust implementation, as part of the RustCrypto library, of all AEAD and hash variants. Links: git (hash), git (AEAD), crate (hash), crate (AEAD) |
Jasmin | https://github.com/jerlacher/ascon-jasmin | Johannes Erlacher | Jasmin implementation with a Rust interface (Ascon-128 and Ascon-128a AEAD variants) |
Go | https://github.com/cloudflare/circl | Armando Faz | Go implementation as part of the CIRCL library (all AEAD variants) |
TypeScript | https://github.com/Simolation/ascon-js | Simon Osterlehner | Fully typed TypeScript/JavaScript library (all AEAD and hash variants). Link: npm |
TypeScript/JavaScript | https://github.com/brainfoolong/js-ascon | Roland Eigelsreiter | JavaScript/TypeScript implementation (all Ascon family members). Link: npm |
PHP | https://github.com/brainfoolong/php-ascon | Roland Eigelsreiter | PHP 8+ implementation (all Ascon family members) |
Zig | https://github.com/ziglang/zig/blob/master/lib/std/crypto/ascon.zig | Frank Denis | Zig implementation as part of the standard library (permutation only) |
🚧 to be completed
🚧 to be completed
🚧 to be completed