Optimizing Ascon for 32-bit Architectures, Fast Implementations for RISC-V and Xtensa

This repository contains my Bachelor's Thesis and the optimized implementations of Ascon that I created for the thesis.

Thesis

The Bachelor's Thesis is available in thesis.pdf.

Implementations

Name	Architecture	Strategy	Notes
ESP32
c_opt64_lowsize	Xtensa LX6	shift	Ascon-C
c_opt64	Xtensa LX6	shift	Ascon-C
asm_xtensa_bi32_ror*	Xtensa LX6	bit-interleaved, ror
asm_xtensa_fsr*	Xtensa LX6	fsr
ESP32-C3
c_opt64_lowsize	RISC-V 32-bit	shift	Ascon-C
c_opt64	RISC-V 32-bit	shift	Ascon-C
asm_rv32_campos	RISC-V 32-bit	shift	Campos et al.
asm_rv32_shift*	RISC-V 32-bit	shift
riscvOVPsim+
c_opt64_lowsize	RISC-V 32-bit	shift	Ascon-C
c_opt64	RISC-V 32-bit	shift	Ascon-C
asm_rv32_campos	RISC-V 32-bit	shift	Campos et al.
asm_rv32_shift*	RISC-V 32-bit	shift
asm_rv32_Zbb_shift*	+Zbb	shift	with andn, orn, ror, rev8
asm_rv32_Zbb_bi32_ror*	+Zbb	bit-interleaved, ror	with andn, orn, ror, rev8
asm_rv32_Zbkb_bi32_ror*	+Zbkb	bit-interleaved, ror	with zip, unzip, pack
asm_rv32_Zbp_bi32_ror*	+Zbp	bit-interleaved, ror	with packu
asm_rv32_Zbt_fsr*	+Zbt	fsr	with fsr

Implementations marked with * are new implementations. All implementations implement Ascon128a, Ascon128, Ascon80pq, AsconHash, AsconHasha, AsconXof, and AsconXofa, except asm_rv32_campos, which only implements Ascon128a.

Benchmark Results

The benchmarking framework that was created for this thesis is available here.

Performance in cycles per byte, for long inputs (32 kB)

Name	Ascon128a	Ascon128	AsconHasha	AsconHash
		Ascon80pq	AsconXofa	AsconXof
ESP32
c_opt64_lowsize	98.76 c/B	141.53 c/B	178.04 c/B	260.14 c/B
c_opt64	85.01 c/B	127.49 c/B	156.95 c/B	230.07 c/B
asm_xtensa_bi32_ror*	70.87 c/B	100.09 c/B	115.47 c/B	166.54 c/B
asm_xtensa_fsr*	51.01 c/B	77.18 c/B	95.68 c/B	139.24 c/B
ESP32-C3
c_opt64_lowsize	78.35 c/B	112.81 c/B	140.88 c/B	205.97 c/B
c_opt64	70.83 c/B	102.90 c/B	129.44 c/B	194.27 c/B
asm_rv32_campos	70.13 c/B	n/a	n/a	n/a
asm_rv32_shift*	66.30 c/B	97.35 c/B	124.00 c/B	183.34 c/B
riscvOVPsim+
c_opt64_lowsize	76.18 c/B	110.36 c/B	138.66 c/B	202.70 c/B
c_opt64	68.85 c/B	101.10 c/B	128.15 c/B	189.69 c/B
asm_rv32_campos	68.79 c/B	n/a	n/a	n/a
asm_rv32_shift*	64.79 c/B	94.85 c/B	121.17 c/B	179.72 c/B
asm_rv32_Zbb_shift*	58.65 c/B	87.59 c/B	114.91 c/B	171.46 c/B
asm_rv32_Zbb_bi32_ror*	54.71 c/B	74.45 c/B	84.87 c/B	122.40 c/B
asm_rv32_Zbkb_bi32_ror*	41.44 c/B	61.19 c/B	78.23 c/B	115.77 c/B
asm_rv32_Zbp_bi32_ror*	40.94 c/B	60.69 c/B	77.98 c/B	115.52 c/B
asm_rv32_Zbt_fsr*	38.62 c/B	57.56 c/B	74.85 c/B	111.39 c/B

Performance in cycles per byte, for short inputs (16 B)

Name	Ascon128a	Ascon128	AsconHasha	AsconHash
		Ascon80pq	AsconXofa	AsconXof
ESP32
c_opt64	918.61 c/B	874.50 c/B	564.61 c/B	760.94 c/B
c_opt64_lowsize	398.83 c/B	441.23 c/B	588.36 c/B	793.44 c/B
asm_xtensa_bi32_ror*	293.27 c/B	310.49 c/B	442.69 c/B	595.77 c/B
asm_xtensa_fsr*	214.51 c/B	239.00 c/B	365.68 c/B	496.25 c/B
ESP32-C3
c_opt64	1548.91 c/B	942.02 c/B	902.54 c/B	7484.96 c/B
c_opt64_lowsize	320.40 c/B	354.51 c/B	472.86 c/B	635.43 c/B
asm_rv32_campos	303.58 c/B	n/a	n/a	n/a
asm_rv32_shift*	273.79 c/B	301.60 c/B	471.46 c/B	649.71 c/B
riscvOVPsim+
c_opt64_lowsize	310.37 c/B	344.30 c/B	461.14 c/B	621.14 c/B
asm_rv32_campos	285.71 c/B	n/a	n/a	n/a
c_opt64	277.21 c/B	307.99 c/B	431.01 c/B	584.95 c/B
asm_rv32_shift*	265.59 c/B	292.46 c/B	459.70 c/B	635.20 c/B
asm_rv32_Zbb_shift*	240.77 c/B	268.84 c/B	435.08 c/B	604.58 c/B
asm_rv32_Zbb_bi32_ror*	222.52 c/B	231.87 c/B	325.01 c/B	437.51 c/B
asm_rv32_Zbkb_bi32_ror*	172.71 c/B	190.46 c/B	298.51 c/B	411.01 c/B
asm_rv32_Zbp_bi32_ror*	170.84 c/B	189.27 c/B	297.51 c/B	410.01 c/B
asm_rv32_Zbt_fsr*	160.77 c/B	178.84 c/B	285.08 c/B	394.58 c/B

Performance difference in percent, for long inputs (32 kB)

Name	Ascon128a	Ascon128	AsconHasha	AsconHash
		Ascon80pq	AsconXofa	AsconXof
ESP32
c_opt64_lowsize	$\color{red}\text{+13.93 \%}$	$\color{red}\text{+9.92 \%}$	$\color{red}\text{+11.84 \%}$	$\color{red}\text{+11.56 \%}$
c_opt64	ref	ref	ref	ref
asm_xtensa_bi32_ror*	$\color{green}\text{-19.95 \%}$	$\color{green}\text{-27.38 \%}$	$\color{green}\text{-35.93 \%}$	$\color{green}\text{-38.15 \%}$
asm_xtensa_fsr*	$\color{green}\text{-66.65 \%}$	$\color{green}\text{-65.19 \%}$	$\color{green}\text{-64.04 \%}$	$\color{green}\text{-65.23 \%}$
ESP32-C3
c_opt64_lowsize	$\color{red}\text{+10.50 \%}$	$\color{red}\text{+8.79 \%}$	$\color{red}\text{+8.12 \%}$	$\color{red}\text{+5.68 \%}$
c_opt64	$\color{red}\text{+0.99 \%}$	ref	ref	ref
asm_rv32_campos	ref	n/a	n/a	n/a
asm_rv32_shift*	$\color{green}\text{-5.77 \%}$	$\color{green}\text{-5.70 \%}$	$\color{green}\text{-4.39 \%}$	$\color{green}\text{-5.96 \%}$
riscvOVPsim+
c_opt64_lowsize	$\color{red}\text{+9.69 \%}$	$\color{red}\text{+8.39 \%}$	$\color{red}\text{+7.58 \%}$	$\color{red}\text{+6.42 \%}$
c_opt64	$\color{red}\text{+0.08 \%}$	ref	ref	ref
asm_rv32_campos	ref	n/a	n/a	n/a
asm_rv32_shift*	$\color{green}\text{-6.19 \%}$	$\color{green}\text{-6.59 \%}$	$\color{green}\text{-5.76 \%}$	$\color{green}\text{-5.55 \%}$
asm_rv32_Zbb_shift*	$\color{green}\text{-17.29 \%}$	$\color{green}\text{-15.43 \%}$	$\color{green}\text{-11.52 \%}$	$\color{green}\text{-10.63 \%}$
asm_rv32_Zbb_bi32_ror*	$\color{green}\text{-25.75 \%}$	$\color{green}\text{-35.79 \%}$	$\color{green}\text{-51.00 \%}$	$\color{green}\text{-54.97 \%}$
asm_rv32_Zbkb_bi32_ror*	$\color{green}\text{-66.01 \%}$	$\color{green}\text{-65.23 \%}$	$\color{green}\text{-63.80 \%}$	$\color{green}\text{-63.85 \%}$
asm_rv32_Zbp_bi32_ror*	$\color{green}\text{-68.04 \%}$	$\color{green}\text{-66.59 \%}$	$\color{green}\text{-64.33 \%}$	$\color{green}\text{-64.21 \%}$
asm_rv32_Zbt_fsr*	$\color{green}\text{-78.12 \%}$	$\color{green}\text{-75.65 \%}$	$\color{green}\text{-71.20 \%}$	$\color{green}\text{-70.30 \%}$

Performance difference in percent, for short inputs (16 B)

Name	Ascon128a	Ascon128	AsconHasha	AsconHash
		Ascon80pq	AsconXofa	AsconXof
ESP32
c_opt64	$\color{red}\text{+56.58 \%}$	$\color{red}\text{+49.54 \%}$	ref	ref
c_opt64_lowsize	ref	ref	$\color{red}\text{+4.04 \%}$	$\color{red}\text{+4.10 \%}$
asm_xtensa_bi32_ror*	$\color{green}\text{-35.99 \%}$	$\color{green}\text{-42.11 \%}$	$\color{green}\text{-27.54 \%}$	$\color{green}\text{-27.72 \%}$
asm_xtensa_fsr*	$\color{green}\text{-85.93 \%}$	$\color{green}\text{-84.61 \%}$	$\color{green}\text{-54.40 \%}$	$\color{green}\text{-53.34 \%}$
ESP32-C3
c_opt64	$\color{red}\text{+80.40 \%}$	$\color{red}\text{+62.37 \%}$	$\color{red}\text{+47.61 \%}$	$\color{red}\text{+91.51 \%}$
c_opt64_lowsize	$\color{red}\text{+5.25 \%}$	ref	ref	ref
asm_rv32_campos	ref	n/a	n/a	n/a
asm_rv32_shift*	$\color{green}\text{-10.88 \%}$	$\color{green}\text{-17.54 \%}$	$\color{green}\text{-0.30 \%}$	$\color{red}\text{+2.20 \%}$
riscvOVPsim+
c_opt64_lowsize	$\color{red}\text{+10.68 \%}$	$\color{red}\text{+10.55 \%}$	$\color{red}\text{+6.53 \%}$	$\color{red}\text{+5.83 \%}$
asm_rv32_campos	$\color{red}\text{+2.98 \%}$	n/a	n/a	n/a
c_opt64	ref	ref	ref	ref
asm_rv32_shift*	$\color{green}\text{-4.38 \%}$	$\color{green}\text{-5.31 \%}$	$\color{red}\text{+6.24 \%}$	$\color{red}\text{+7.91 \%}$
asm_rv32_Zbb_shift*	$\color{green}\text{-15.13 \%}$	$\color{green}\text{-14.57 \%}$	$\color{red}\text{+0.93 \%}$	$\color{red}\text{+3.25 \%}$
asm_rv32_Zbb_bi32_ror*	$\color{green}\text{-24.58 \%}$	$\color{green}\text{-32.83 \%}$	$\color{green}\text{-32.61 \%}$	$\color{green}\text{-33.70 \%}$
asm_rv32_Zbkb_bi32_ror*	$\color{green}\text{-60.51 \%}$	$\color{green}\text{-61.71 \%}$	$\color{green}\text{-44.39 \%}$	$\color{green}\text{-42.32 \%}$
asm_rv32_Zbp_bi32_ror*	$\color{green}\text{-62.27 \%}$	$\color{green}\text{-62.72 \%}$	$\color{green}\text{-44.87 \%}$	$\color{green}\text{-42.67 \%}$
asm_rv32_Zbt_fsr*	$\color{green}\text{-72.42 \%}$	$\color{green}\text{-72.22 \%}$	$\color{green}\text{-51.19 \%}$	$\color{green}\text{-48.25 \%}$