Lightweight Authenticated Encryption

Isap is a family of lightweight authenticated encryption algorithms designed with a focus on robustness against implementation attacks and reached the final round of the NIST Standardization Process for Lightweight Cryptography (2019–2023). Isap is of particular interest for applications like firmware updates where robustness against power analysis and fault attacks is crucial while codesize and a small footprint in hardware matters. Isap's original version was published at FSE 2017.


  • Authenticated encryption using the lightweight Ascon-p permutation
  • Sponge-based mode of operation using well studied SPN permutations
  • Suitable for constrained devices: Small state, simple permutation
  • Side-channel resistance: Provably secure leakage-resilience for en/decryption
  • Built-in hardening against fault attacks
  • Easy to implement in software and hardware
  • Compact in software: Pipelinable, bit-sliced 5-bit S-box
  • Fast and compact in hardware
  • Scalable for more conservative security or higher throughput
  • Timing resistance: No table look-ups or additions
  • Minimal overhead (ciphertext length = plaintext length)

Isap was designed by a team of cryptographers from Graz University of Technology, Infineon Technologies, and Radboud University:

Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Bart Mennink, Robert Primas and Thomas Unterluggauer.

logo tu graz       logo infineon       logo radboud