ACE: an authenticated encryption and hash algorithm

ACE is a lightweight authenticated encryption with associated data and hash algorithm designed to achieve “all-in-one primitive” providing both AEAD and hashing functionalities using the same hardware circuit. The ACE AEAD algorithm supports a 128-bit key and authentication tag size of 128 bits, and the hash algorithm outputs a message digest (hash) of 256 bits. At the core of ACE is a lightweight cryptographic permutation, and its design of the ACE permutation is based on a 5-block Type-2 Generalized Feistel-like Structure (GFS) and round-reduced unkeyed Simeck (Simeck-box) of length 64 bits. The core operations used in the permutation are bitwise XORs, bitwise ANDs, cyclic shifts, and a 64-bit word shuffling permutation. The ACE is designed to be efficient on a wide range of resource constrianed devices, which requires the primitive to be efficient in hardware as well as software.

ACE is designed, at the ComSec Lab at the University of Waterloo, by Mark Aagaard, Riham AlTawy, Guang Gong, Kalikinkar Mandal, Raghvendra Rohit.


Should you have any question or feedback, please do not hesitate to contact us. Email:




Reference code

in C


Hash (ZIP)

Microcontroller code

in assembly language


Hash (ZIP)

Hardware code



HashACE-mCPU-AEAD (zip)