NIST Unveils New Lightweight Cryptography Standard for IoT Security

Key Takeaways

  • NIST publishes the first U.S. government benchmark for lightweight cryptography tailored for resource-constrained devices.
  • The Ascon family of cryptographic algorithms has been selected as the standard after extensive public review.
  • SP 800-232 provides detailed specifications for four Ascon primitives, enhancing security in the Internet of Things (IoT) and other low-power applications.

New Cryptography Standards for Constrained Devices

The National Institute of Standards and Technology (NIST) has released Special Publication 800-232, titled “Ascon-Based Lightweight Cryptography Standards for Constrained Devices.” This publication marks the first U.S. government benchmark for cryptographic algorithms designed specifically for resource-limited environments such as the Internet of Things (IoT), embedded systems, and low-power sensors.

NIST formally chose the Ascon family of algorithms in February 2023 as part of its Lightweight Cryptography Standardization Process. Ascon emerged as a finalist in the Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR), culminating in its selection as the winner after a thorough review process lasting several years.

SP 800-232 details specifications and security guarantees for four Ascon primitives: Ascon-AEAD128 for authenticated encryption, Ascon-Hash256 for hashing, and two extendable-output functions (XOFs), Ascon-XOF128 and Ascon-CXOF128. Ascon-AEAD128 offers nonce-based authenticated encryption with a security strength of 128 bits, suitable for single-key applications. It is built from simple operations such as bitwise XORs and rotations, which makes it particularly well suited to devices with little computing power.
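To make the "bitwise XORs and rotations" point concrete, the following added example (not code from the article or from NIST) sketches the Ascon permutation over its five 64-bit state words. The round constants and rotation amounts are written from the published Ascon specification, the function names are illustrative, and the input state in `main` is constructed rather than an official test vector.

```c
#include <stdint.h>
#include <stdio.h>

/* Rotate a 64-bit word right by n bits (0 < n < 64). */
static uint64_t ror64(uint64_t x, unsigned n) { return (x >> n) | (x << (64 - n)); }

/* Substitution layer: 5-bit S-box bitsliced over all 64 columns (XOR, AND, NOT only). */
static void ascon_sbox(uint64_t s[5]) {
    uint64_t t[5];
    s[0] ^= s[4]; s[4] ^= s[3]; s[2] ^= s[1];
    for (int i = 0; i < 5; i++) t[i] = ~s[i] & s[(i + 1) % 5];
    for (int i = 0; i < 5; i++) s[i] ^= t[(i + 1) % 5];
    s[1] ^= s[0]; s[0] ^= s[4]; s[3] ^= s[2]; s[2] = ~s[2];
}

/* Linear diffusion layer: each word is XORed with two rotations of itself. */
static void ascon_linear(uint64_t s[5]) {
    static const unsigned rot[5][2] = {{19, 28}, {61, 39}, {1, 6}, {10, 17}, {7, 41}};
    for (int i = 0; i < 5; i++)
        s[i] ^= ror64(s[i], rot[i][0]) ^ ror64(s[i], rot[i][1]);
}

/* Ascon-p with 1..12 rounds: add round constant, substitute, diffuse. */
int ascon_permute(uint64_t s[5], int rounds) {
    static const uint8_t rc[12] = {0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5,
                                   0x96, 0x87, 0x78, 0x69, 0x5a, 0x4b};
    if (rounds < 1 || rounds > 12) return -1; /* reject unsupported round counts */
    for (int r = 12 - rounds; r < 12; r++) {
        s[2] ^= rc[r];
        ascon_sbox(s); ascon_linear(s);
    }
    return 0;
}

/* Push one 5-bit value through the bitsliced S-box (s[0] is the top bit). */
unsigned ascon_sbox5(unsigned v) {
    uint64_t s[5]; unsigned out = 0;
    for (int i = 0; i < 5; i++) s[i] = (v >> (4 - i)) & 1;
    ascon_sbox(s);
    for (int i = 0; i < 5; i++) out |= (unsigned)(s[i] & 1) << (4 - i);
    return out;
}

int main(void) {
    uint64_t s[5] = {1, 2, 3, 4, 5}; /* constructed state, not a test vector */
    ascon_permute(s, 12);
    for (int i = 0; i < 5; i++) printf("S%d = %016llx\n", i, (unsigned long long)s[i]);
    return 0;
}
```

The whole permutation needs only 40 bytes of state and no lookup tables, which is why it fits small microcontrollers; production use should rely on a vetted implementation validated against the official test vectors.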

The standard details optional security features, including the truncation of the authentication tag and nonce-masking, to mitigate risks associated with potential nonce reuse. Ascon-Hash256 provides a 256-bit digest, ensuring robust preimage and collision resistance. In contrast, Ascon-XOF128 and Ascon-CXOF128 produce variable-length outputs while maintaining 128-bit security strength, with the latter allowing customizable domain separation.

The publication also offers crucial implementation guidance concerning data ordering and precomputed initialization states. Security analyses included in SP 800-232 confirm that Ascon algorithms maintain strong confidentiality and integrity across varied usage scenarios, including situations of nonce misuse.

As the deployment of IoT devices surges—from smart devices to industrial applications—the introduction of SP 800-232 gives manufacturers, developers, and security professionals a solid framework to ensure robust cryptographic protections. By adopting the Ascon standards, devices with limited memory, energy, or processing power can still comply with federal security requirements.

NIST SP 800-232 is now accessible on the Computer Security Resource Center website, welcoming feedback and collaboration from both industry and academia. This lightweight cryptography standard is a notable step forward in fortifying the security of the expanding ecosystem of connected devices as cyber threats become increasingly sophisticated.

The content above is a summary. For more details, see the source article.
