NIST Finalizes Lightweight Cryptography Standard for Pervasive Small Devices

The National Institute of Standards and Technology (NIST) has officially released its new lightweight cryptography standard, a crucial development aimed at securing the vast and growing landscape of small, connected electronic devices. This finalized standard, designated as NIST Special Publication 800-232, introduces a suite of cryptographic algorithms designed specifically for devices with limited computational power, such as those integral to the Internet of Things (IoT), RFID tags, and medical implants. These miniature technologies, while increasingly ubiquitous, often lack the robust resources of larger computing systems, leaving them vulnerable to cyberattacks. The new standard aims to bridge this gap, providing essential protection for data created and transmitted by these resource-constrained devices.

The Ascon family of cryptographic algorithms forms the foundation of this new standard. NIST selected Ascon in 2023 following an extensive, multiyear public review and evaluation process, which included significant engagement with the cryptographic design community. Ascon, originally developed in 2014 by researchers from Graz University of Technology, Infineon Technologies, and Radboud University, had previously demonstrated its resilience and efficiency in the CAESAR competition, indicating a strong track record of scrutiny by cryptography experts. The standard incorporates four specific variants from the Ascon family, offering developers flexibility to choose the most suitable option for various applications and use cases.

These variants address two primary functions within lightweight cryptography: authenticated encryption with associated data (AEAD) and hashing. ASCON-128 AEAD is designed for scenarios where devices need to encrypt their data and verify its authenticity, or both. A particular benefit of Ascon is its enhanced suitability for implementations that resist side-channel attacks, a common vulnerability in small devices where attackers can infer sensitive information by observing physical characteristics like power consumption or timing. Devices that could benefit from this feature include RFID tags, implanted medical devices, and vehicle toll transponders.

The standard also includes ASCON-Hash 256, a hashing algorithm that generates a unique digital “fingerprint” for data. This function is vital for ensuring data integrity, for instance, during software updates to detect any unauthorized modifications or malware. It can also be employed for password protection and securing digital signatures in financial transactions. This algorithm provides a more resource-efficient alternative to NIST’s established SHA-3 family of hash algorithms. Furthermore, ASCON-XOF 128 and ASCON-CXOF 128 are hash functions that allow for variable hash output sizes. This adaptability is advantageous for small devices, as it enables them to optimize encryption processes by using shorter hashes, thereby reducing energy and time consumption. The CXOF variant introduces an additional feature, allowing for the attachment of customized “labels” to hashes. This is particularly useful in scenarios where multiple small devices might perform similar encryption operations, potentially producing identical hashes that could be exploited by attackers. By incorporating distinct labels, this risk can be mitigated.

NIST has indicated that the new standard is intended to be not only immediately applicable but also capable of future expansion. The agency plans to consider additional functionalities requested by the community, such as dedicated message authentication codes, in future updates, ensuring the standard remains relevant and adaptable to evolving technological needs and security challenges. The development and finalization of this standard represent a significant step in safeguarding the increasingly interconnected world of small electronic devices against emerging cyber threats.

Article by Mel Anara, based upon information from the National Institute of Standards and Technology.

---