playascon
first online tool for Ascon cipher on the internet
Intro
Ascon is a cipher suite that provides Authenticated Encryption with Associated Data (AEAD) and hashing functionality [DEMS21]. It has been selected as the primary choice for lightweight authenticated encryption in the final portfolio of the CAESAR competition (2014–2019), and has also been selected by the US National Institute of Standards and Technology (NIST) for future standardization of lightweight cryptography (Feb, 2023). In other words, it’s the winner of the NIST competition for Lightweight Cryptography (LWC). As the name suggests, its meant to be a lightweight cipher to be easily implemented in resource-constrained devices.
Now when you approach to study Ascon, it’s very helpful to find an online tool that gives you an easy access to its results. You need it to do some quick tests without the need to open your IDE and run a code that might not work for the first time as you want. That’s why I built ‘playascon’.
playascon is a pure Javascript implementation of Ascon cipher that runs in your browser without any server-side latency. There is no ads or fancy designs. There is no need to tell that it’s open source because you’ll find all the code in your browser already, but you will also find the whole project on github as well.
Variants
Ascon is a family of many variants:
As discussed in the LWC-Forum, NIST is considering only some of these variants to be standardized, which are: Ascon-128, Ascon-128a for AEAD, and Ascon-XOF for hashing. Therefore, those are the variants I chose to put in playascon.
Features
Along with the basic functionality of the tool which is encryption, decryption, and hashing, I want to discuss two options that could help:
1- You can enter your plaintext as raw text or hexadecimal data. This is quite useful as it serves both the need to encrypt normal English or non-English (which we’ll talk about later) text, or to encrypt hexadecimal data when you want to try values from the NIST test vectors for example.
2- Another available option is to encrypt texts with non-English characters. So Arabic, Persian, Russian, Chinese, and other characters can all be used.
This is done by simply URL-encoding the characters before encrypting it. Also, URL-decoding is done after decryption to recover the original text.
KATs
To ensure the correctness of playascon results, I used Known Answer Tests (KATs) generated from the Python implementation of Ascon by Maria Eichlseder (one of the Ascon authors). You can also run the tests yourself from the KATs page.
To have an idea what these KATs look like, you can visit: https://playascon.github.io/KATs/LWC_AEAD_KAT_128.js
Capture The Flag
To make this tool more fun, I’ve added an easy CTF (Capture The Flag) challenge to be solved. I am planning to add more challenges, to help you visualize how a nonce misuse attack could take place for example.
Hall of Fame
After the initial release of playascon, people started testing it and found some bugs in the format of the data displayed. You can find the two issues here:
- By Joshua Holden: https://github.com/motarekk/motarekk.github.io/issues/1
- By Majid M.Niknam: https://groups.google.com/a/list.nist.gov/g/lwc-forum/c/1k6o4hlYG6A/m/gaYrfxFxAgAJ
As a sign of appreciation for reaching out, I made a Hall of Fame to list their names. And that’s the beauty of open source projects, when people reach out to fix bugs and get acknowledged, and other users of the project get the benefit of a well-functional project.
Conclusion
I hope playascon will be the way-to-go tool for students to play out with Ascon, which is expected to have a very important role in the upcoming era of securing lightweight devices. The main reward I am welling to get from this project is to see feedbacks like this:
Thanks for reading.
