The widespread use of the internet of things (IoT) is due to the value of the data collected by IoT devices. These IoT devices generate, process, and exchange large amounts of safety-critical or privacy-sensitive data. Before transmission, the data should be protected against information leakage and data stealing. Deploying authenticated encryption with additional data (AEAD) algorithms on IoT devices ensures data confidentiality and integrity. However, AEAD algorithms are computationally intensive, while IoT devices are resource constrained or even battery powered. Therefore, a low-cost, low-power, and high-efficiency method of implementing an AEAD algorithm into resource-constrained IoT devices is required. The SM4-CCM algorithm, introduced in RFC 8998, is selected as the AEAD algorithm to address this problem. Algorithms similar to SM4-CCM (e.g., SM4 and AES-CCM) provide many architectural design references, but it is challenging to decide which architecture is the most suitable for SM4-CCM. In order to find the most efficient SM4-CCM hardware architecture, a design space exploration method is proposed. Firstly, the SM4-CCM algorithm is divided into five layers, and three candidate architectures are provided for each layer. Secondly, 63 design schemes for SM4-CCM are constructed by combining candidate architectures from each layer. Finally, a batch number of comparisons and analyses of experimental results are used to identify the most efficient one. Under TSMC 90 nm technology, the experimental results of the identified scheme show that the throughput, power consumption, and area achieve 199.99 Mbps, 1.625 mW, and 14.6 K gates, respectively. As a proof of concept, implementing this scheme on an FPGA board is also presented.