An Efficient Hardware Accelerator for Ascon-128 Lightweight Authenticated Encryption

Abstract

The recent growth in connected devices has made it exceedingly vital to safeguard data communicated by resource-constrained embedded systems in Internet of Things (IoT) applications such as smart grids, industrial automation and critical infrastructure. This underscores the importance of lightweight cryptographic hardware accelerators capable of providing both efficiency and security. In this work, we present an efficient FPGA-based hardware accelerator for authenticated encryption and decryption using the lightweight symmetric key cipher Ascon-128 recently standardized by NIST. This algorithm not only delivers exceptional security and performance, but also supports authentication with associated data, ensuring end-to-end confidentiality and integrity of communicated data. Moreover, Ascon-128 comes with inherent resistance to side-channel attacks, making it highly robust and secure for critical applications. Our design is optimized for processing serial data, which is a requirement often encountered in practical scenarios such as bump-in-the-wire solutions for legacy devices, and our proposed architectural techniques significantly reduce hardware complexity. Additionally, our hardware incorporates both encryption and decryption functionalities within a unified module, enhancing its versatility. Our Ascon-128 architecture is tailored for resource-constrained environments by employing a single serial interface for all data streams, which reduces the FPGA resource utilization to only 2k lookup tables and 1k flip-flops. Our implementations on state-of-the-art Artix-7 and Artix-UltraScale+ commercial FPGA platforms achieve high throughputs of 136 Mbps and 394 Mbps respectively, enabling efficient and lightweight authenticated encryption and decryption of serial data suitable for resource-constrained embedded systems.