Xiphera adds lightweight cryptography to its stream cipher portfolio

The new Ascon lightweight IP core offers a smaller alternative for devices with limited resources.

April 27, 2023 -- Xiphera releases XIP2201B, an IP core which supports the Ascon lightweight cryptographic suite. This IP core is especially useful for small devices used in Industrial IoT.

In August 2018, the US based National Institute of Standards and Technology (NIST) launched a competition to standardise a lightweight cryptographic algorithm. The purpose of the competition was to standardise an algorithm with minimal resources (i.e. lightweight) that is able to perform multiple cryptographic primitives. This type of algorithm is especially useful for small devices that have constraints on resources, e.g. IoT devices. Out of 56 candidates in the competition, Ascon came out victorious.

Ascon is a lightweight, sponge-based, algorithm that can perform three cryptographic primitives: authenticated encryption with associated data (AEAD), hashing, and extendable output function (XOF). AEAD is a cryptographic scheme where one can encrypt as well as authenticate data, preserving privacy and integrity of the sent data. Associated data refers to data that is not encrypted but is also authenticated. Hashing is a one-way input function mapping messages to fixed length hashes such that a hash cannot be inverted back to the message. XOFs are like hashes but they allow for variable length outputs.

There exist algorithms that provide the primitives: AES-GCM is the most common AEAD algorithm, SHA-2 and SHA-3 are widely used for hashing, and SHAKE is used for XOFs. Instead of using multiple different structures to compute these functions, Ascon uses a single permutation-based operation to compute all three. For these primitives, Ascon also provides multiple variants. XIP2201B supports all variants of Ascon (128, 128a, 80pq, Hash, Hasha, XOF, XOFa) and vows to update the algorithms as newer versions are standardised.

The intention with Ascon is not to replace the already widely used AES-GCM and SHA-3 algorithms, but rather to offer a smaller alternative for devices with limited resources. "The efficiency of Ascon, especially for small inputs, makes Ascon a very good choice for IoT devices.", says Perttu Saarela, a cryptographic engineer at Xiphera.

For more information, visit the product page for XIP2201B. You can also download the full product brief here.