NIST Picks Lightweight Cryptography Algorithms to Secure Small Devices

Security experts at the National Institute of Standards and Technology (NIST) have declared Ascon, a group of cryptographic algorithms, the best data protection for lightweight electronics evaluated in their program. This winning selection will be released as NIST's lightweight cryptography standard sometime in 2023.

The algorithms were created to secure data created and transferred by the Internet of Things (IoT), with its massive number of small sensors and actuators, as well as by other tiny devices such as implanted clinical equipment, sensors in roads, and keyless entry remotes for cars. These gadgets need "lightweight cryptography": protection that takes their limited power into consideration.

NIST's development program took several years to assess potential solutions from the cryptography community. Starting in 2018, NIST's computer scientists and mathematicians led a multi-round public review process, which resulted in the selection of the most viable lightweight cryptography algorithm. Their research was prompted by a need for efficient security solutions for small devices with limited resources, used in tasks ranging from sensing to identification to machine control. NIST received 57 submissions, which cryptographers examined closely in an attempt to identify any weaknesses; this eventually led to the selection of just 10 finalists before the ultimate winner was chosen.

In 2014, Ascon was developed by a team of cryptographers from Radboud University, Graz University of Technology, Lamarr Security Research, and Infineon Technologies. Years of rigorous examination by cryptographers paid off in 2019, when the Cryptographic Authenticated Encryption Algorithm Selection (CAESAR) competition chose Ascon as the best lightweight authenticated encryption algorithm.

The Ascon family of lightweight cryptography comprises seven members, some or all of which may be included in NIST's published standard. All of them offer multiple solutions for various needs, with a great emphasis on the two most important tasks when it comes to lightweight cryptography: AEAD and hashing.

Authenticated encryption with associated data (AEAD) ensures the confidentiality of data while allowing supplementary data (such as the header of a message or an IP address) to be included unencrypted. The algorithm validates the integrity of all of the protected data and confirms that it was not altered during transmission. AEAD can be employed for vehicle-to-vehicle (V2V) communication and for thwarting counterfeiting of RFID messages in warehouses.
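The AEAD behaviour described above, as an added example that is not from the original article, NIST, or the Ascon team: a compact Python rendering of Ascon-128 following the designers' v1.2 submission (the details of the NIST standard were still to be decided when this article was written). The names `seal` and `open_` are chosen here for illustration; the code assumes a 16-byte key and a 16-byte nonce that is never reused under the same key, and it is written for reading, not for production use.

```python
import hmac

MASK, IV = (1 << 64) - 1, 0x80400C0600000000  # IV: k=128, rate=64, a=12, b=6
ROT = ((19, 28), (61, 39), (1, 6), (10, 17), (7, 41))

def ror(x, n):
    return ((x >> n) | (x << (64 - n))) & MASK

def permute(s, rounds):
    for r in range(12 - rounds, 12):
        s[2] ^= 0xF0 - r * 0x0F  # round constant
        s[0] ^= s[4]; s[4] ^= s[3]; s[2] ^= s[1]  # bitsliced 5-bit S-box
        t = [(s[i] ^ MASK) & s[(i + 1) % 5] for i in range(5)]
        s[:] = [s[i] ^ t[(i + 1) % 5] for i in range(5)]
        s[1] ^= s[0]; s[0] ^= s[4]; s[3] ^= s[2]; s[2] ^= MASK
        for i, (a, b) in enumerate(ROT):  # linear diffusion layer
            s[i] ^= ror(s[i], a) ^ ror(s[i], b)

def words(b, pad=False):
    b += b"\x80" + bytes(7 - len(b) % 8) if pad else b""
    return [int.from_bytes(b[i:i + 8], "big") for i in range(0, len(b), 8)]

def _run(key, nonce, ad, data, decrypting):
    k0, k1 = words(key)
    s = [IV, k0, k1, *words(nonce)]
    permute(s, 12)
    s[3] ^= k0; s[4] ^= k1
    for w in words(ad, pad=True) if ad else []:  # header: absorbed, not output
        s[0] ^= w
        permute(s, 6)
    s[4] ^= 1  # domain separation between header and payload
    out, blocks = b"", words(data, pad=True)
    for i, w in enumerate(blocks):
        n = 8 if i < len(blocks) - 1 else len(data) % 8  # real bytes in block
        x = s[0] ^ w
        s[0] = w ^ (s[0] & (MASK >> 8 * n)) if decrypting else x
        out += x.to_bytes(8, "big")[:n]
        if n == 8:
            permute(s, 6)
    s[1] ^= k0; s[2] ^= k1
    permute(s, 12)
    return out, ((s[3] ^ k0) << 64 | (s[4] ^ k1)).to_bytes(16, "big")

def seal(key, nonce, ad, plaintext):
    return b"".join(_run(key, nonce, ad, plaintext, False))  # ciphertext || tag

def open_(key, nonce, ad, sealed):
    pt, tag = _run(key, nonce, ad, sealed[:-16], True)
    return pt if hmac.compare_digest(tag, sealed[-16:]) else None
```

The header passed as `ad` travels in the clear next to the output of `seal`; `open_` returns `None` if the header, the ciphertext, or the tag differs from what was sealed.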

Hashing generates a fingerprint of a message, which lets the recipient check that the message has not been altered. In lightweight cryptography it is also used for tasks such as verifying whether a software update is appropriate or has been obtained correctly.

Currently, the most efficient NIST-approved technique for AEAD is the Advanced Encryption Standard (defined in FIPS 197) used with the Galois/Counter Mode (SP 800-38D), and SHA-256 (specified in FIPS 180-4) is widely used for hashing. These standards continue to be valid for general use.

The aim of the project is not to replace AES or the hash standards recommended by NIST, as they are still suitable for devices with higher resource capabilities. Modern processors contain instructions that enable quick and efficient implementations of these algorithms, which are also included in various protocols for robust interoperability.

The new algorithms are not intended to be used for post-quantum encryption, although one of the versions of Ascon possibly provides a level of protection from the style of attack a potent quantum computer could mount. Post-quantum-resistant lightweight cryptography is another current concern of the cryptography community that NIST is working to address using a similar public review process for potential algorithms. For the time being, NIST argues that post-quantum encryption is mainly important for long-term protection of sensitive information, while lightweight cryptography’s main use case is shorter-term applications.

The NIST team intends to cooperate with Ascon's creators and the cryptography community to decide on the details of standardization. Further information can be found on NIST's project website.

