A Fast and Compact RISC-V Accelerator for Ascon and Friends

Stefan Steinegger*, Robert Primas

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review


Ascon-p is the core building block of Ascon, the winner in the lightweight category of the CAESAR competition. With Isap, another Ascon-p-based AEAD scheme is currently competing in the 2nd round of the NIST lightweight cryptography standardization project. In contrast to Ascon, Isap focuses on providing hardening/protection against a large class of implementation attacks, such as DPA, DFA, SFA, and SIFA, entirely on mode-level. Consequently, Ascon-p

can be used to realize a wide range of cryptographic computations such as authenticated encryption, hashing, pseudorandom number generation, with or without the need for implementation security, which makes it the perfect choice for lightweight cryptography on embedded devices.

In this paper, we implement Ascon-p

as an instruction extension for RISC-V that is tightly coupled to the processors register file and thus does not require any dedicated registers. This single instruction allows us to realize all cryptographic computations that typically occur on embedded devices with high performance. More concretely, with Isap and Ascon’s family of modes for AEAD and hashing, we can perform cryptographic computations with a performance of about 2 cycles/byte, or about 4 cycles/byte if protection against fault attacks and power analysis is desired.

As we show, our instruction extension requires only 4.7 kGE, or about half the area of dedicated Ascon co-processor designs, and is easy to integrate into low-end embedded devices like 32-bit ARM Cortex-M or RISC-V microprocessors. Finally, we analyze the provided implementation security of Isap, when implemented using our instruction extension.
Original languageEnglish
Title of host publicationSmart Card Research and Advanced Applications - 19th International Conference, CARDIS 2020, Revised Selected Papers
Subtitle of host publication19th International Conference, CARDIS 2020, Virtual Event, November 18–19, 2020, Revised Selected Papers
EditorsPierre-Yvan Liardet, Nele Mentens
Place of PublicationCham
Number of pages15
ISBN (Print)978-3-030-68486-0
Publication statusPublished - 1 Jan 2021
EventCARDIS 2020: 19th Smart Card Research and Advanced Application Conference - Virtuell, Germany
Duration: 18 Nov 202019 Nov 2020

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12609 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceCARDIS 2020
Abbreviated titleCARDIS
Internet address


  • Ascon
  • Authenticated encryption
  • CV32E40P
  • Fault attacks
  • Hardware acceleration
  • Isap
  • Leakage resilience
  • RI5CY
  • RISC-V
  • Side-channels

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'A Fast and Compact RISC-V Accelerator for Ascon and Friends'. Together they form a unique fingerprint.

Cite this