# **ASCON-F**

# ASCON Authenticated Encryption & Hashing Engine



The ASCON-F IP core is a compact, high-throughput hardware engine implementing the lightweight authenticated encryption with associated data (AEAD) and hashing algorithms described in the Ascon v1.2 specification.

A single instance of the ASCON-F IP core can encrypt or decrypt data using the Ascon-128 and Ascon-128a functions or perform Cryptographic hashing Hash per the Ascon-Hash and Ascon-Hasha functions. The mode of operation (encryption or decryption, and Ascon function), as well as the encryption key and nonce values, are run-time programmable and can be changed per block of input data. The core uses simple input and output interfaces, that can be optionally bridged to AXI4-Stream, or to AXI4 Memory Mapped master or slave ports using bridges separately available from CAST.

The core synthesizes to approximately 1,200 ALMs and can run at frequencies exceeding 250 MHz even on Cyclone V devices. Ignoring overheads related to input padding and core initialization, the throughput ranges from 5.3 to 16 bits/cycle depending on the mode and function, which at 250 MHz translates to 1.3 to 4 Gbps. The processing throughput can be further scaled by instantiating the core multiple times.

The core is designed for ease of use and integration and adheres to industry-best coding and verification practices. Technology mapping and timing closure are trouble-free, as the core contains no multi-cycle or false paths and uses only rising-edge-triggered D-type flip-flops, no tri-states, no SRAMs, and a single-clock/reset domain.

#### **About ASCON**

The ASCON family of algorithms was developed by Graz University of Technology, Infineon Technologies, Lamarr Security Research, and Radboud University and was selected in February 2023 by the US National Institute of Standards and Technology (NIST) as the new standard for lightweight cryptography. Learn more online at <a href="NIST">NIST</a>, <a href="Wikipedia">Wikipedia</a>, and the <a href="Ascon">Ascon</a> website by Graz University of Technology.

### **Block Diagram**



#### **FEATURES**

- Authenticated Encryption and Hashing per NIST submitted specification Ascon v1.2
  - Ascon-128 and Ascon-128a authenticated encryption/decryption
  - Ascon-Hash & Ascon-Hasha hash functions
  - Ascon-Xof, Ascon-Xofa, and Ascon-80pq on request
- Run-time selectable operation mode, encryption key and nonce

#### **Compact and Fast**

- Approximately 1,200 ALMs
- More than: 250 MHz on Cyclone V, 500 MHz on Stratix V, Arria 10, and Stratix 10
- Throughput without any initialization and padding overhead:
  - Ascon-128: 10.6 bits/cycle
  - Ascon-128a: 16 bits/cycle
  - Ascon-Hash: 5.3 bits/cycle
  - Ascon-Hasha: 8 bits/cycle

#### Easy to integrate & implement.

- Fully synchronous, uses only the rising clock-edge, single-clock domain, no false or multicycle timing paths, scan-ready, LINTclean
- Simple input and output interface, optionally bridged to AMBA® interfaces or integrated with a DMA engine.
- Available VHDL or Verilog source code format, or as a targeted FPGA
- Soft, technology-agnostic IP core directly synthesizes to any Altera FPGA

#### **Deliverables**

The core is available in RTL source or as a targeted FPGA netlist. It is delivered with everything required for a successful implementation, including a sophisticated, self-checking HDL Testbench, a behavioral C Model & test vector generator, and comprehensive documentation.





# **Export Permits**

This core implements encryption functions and as such it is subject to export control regulations. Export to your country may or may not require a special export license. Please contact CAST to determine what applies in your specific case.

## **Applications**

Implementing the Ascon family of lightweight authenticated ciphers and hash functions, the core can be used to protect edge IoT devices, secure communications or video surveillance systems, and encrypt data storage.

# **Implementation Results**

The ASCON-F IP core can be mapped to any Altera FPGA device. The following are sample implementation results reported from Quartus, with all core I/Os assumed to be routed on-chip.

| Family/Device                   | Logic      | Memory<br>bits | Freq.<br>(MHz) |
|---------------------------------|------------|----------------|----------------|
| Agilex<br>AGFA014R24A2E2V       | 1,295 ALMs | 0              | 700            |
| Arria 10 GX<br>10AX115H1F34E1SG | 1,225 ALMs | 0              | 525            |
| Cyclone V GX<br>5CGXFC7C6F23C6  | 1,207 ALMs | 0              | 250            |
| Max10 (-7)<br>10M50DAF672C7G    | 2,058 LEs  | 0              | 175            |
| Stratix V<br>5SGXMB5R1F43C1     | 1,173 ALMs | 0              | 500            |

The provided figures <u>do not</u> represent the higher speed or smaller area for the core. Please contact CAST to get characterization data for your target configuration and technology.



