[throw0101c]

Any reason not to use Ascon, which not only got Official Status™ from NIST:

* https://www.nist.gov/news-events/news/2023/02/nist-selects-l...

* https://csrc.nist.gov/pubs/sp/800/232/final

But was also a lightweight finalist in CAESAR (along with ACORN):

* https://en.wikipedia.org/wiki/CAESAR_Competition

* https://en.wikipedia.org/wiki/Ascon_(cipher)

[201984]

Ascon is a stream-oriented AEAD, not a block cipher, and it requires a nonce. Because of this, it would not work for the usecases in TFA, not to mention it's also quite a bit slower than Speck.