What is ASCON?

ASCON is a modern lightweight cryptographic algorithm designed specifically for embedded systems, Internet of Things (IoT) devices, wireless sensors, and microcontrollers. In 2023, ASCON was officially selected by the U.S. National Institute of Standards and Technology (NIST) as the standard for lightweight cryptography.

Ascon-AEAD128 is the primary authenticated encryption algorithm within the Ascon cryptographic family, officially standardized by NIST in NIST SP 800-232 for lightweight cryptography. It is specifically designed to provide both confidentiality and integrity on resource-constrained devices, such as Internet of Things (IoT) sensors and embedded microcontrollers, where traditional ciphers like AES-GCM are too heavy to run efficiently.

Unlike traditional algorithms such as AES-GCM, which can be demanding on memory and processing power, ASCON was built to provide strong security while running efficiently on devices with very limited resources.

Why Was ASCON Created?

Many modern devices operate with only a few kilobytes of RAM and Flash memory. Examples include:

• Smart home sensors
• LoRa communication devices
• STM32 microcontrollers
• Battery-powered IoT devices
• Industrial monitoring systems

For these devices, traditional encryption algorithms can consume excessive memory, CPU cycles, and energy. ASCON solves this problem by offering strong cryptographic security with a much smaller implementation footprint.

Technical Characteristics

ASCON-AEAD128, the primary authenticated encryption variant, uses:

• 128-bit secret key
• 128-bit nonce
• 128-bit authentication tag
• 320-bit internal state
• Five 64-bit registers

It provides both:

• Confidentiality (protecting data from unauthorized access)
• Integrity (detecting modifications or tampering)

How ASCON Works

The encryption process consists of four main phases:

1. Initialization

The algorithm loads:

• Secret key
• Nonce
• Initialization Vector (IV)

The internal state is then processed through multiple permutation rounds.

2. Associated Data Processing

Optional authenticated data, such as packet headers, can be included without being encrypted.

3. Plaintext Encryption

Plaintext is absorbed into the internal state and transformed into ciphertext using ASCON’s permutation function.

4. Finalization

The secret key is mixed into the state again and a 128-bit authentication tag is generated.

During decryption, the authentication tag is verified before the plaintext is accepted.

Advantages of ASCON

Extremely Lightweight

ASCON requires very little RAM and Flash memory, making it ideal for low-cost microcontrollers.

Fast on Small CPUs

It performs particularly well on:

• ARM Cortex-M0
• ARM Cortex-M3
• ARM Cortex-M4
• STM32G0 series
• AVR microcontrollers

Strong Security

ASCON has undergone extensive cryptographic analysis and was selected by NIST after years of public evaluation.

Easy Implementation

The algorithm relies primarily on:

• XOR
• AND
• NOT
• Bit rotations

No large lookup tables are required.

ASCON for LoRa and IoT

ASCON is particularly attractive for LoRa networks because:

• Small code size
• Low power consumption
• Supports authenticated encryption
• Protects against message tampering
• Suitable for battery-powered devices

A typical secure LoRa packet can contain:

• Device ID
• Frame Counter
• Encrypted Payload
• Authentication Tag

This design provides protection against replay attacks and packet modification.

Comparison with Other Algorithms

 

Conclusion

ASCON represents a new generation of cryptography optimized for embedded devices. It combines strong security, small memory requirements, and efficient execution, making it an ideal choice for modern IoT applications, LoRa networks, and microcontroller-based systems.