NIST announces lightweight cryptography selection
On February 7, 2023, the National Institute of Standards and Technology (NIST) in the United States announced its selection for the standardization of lightweight cryptography (LWC). The winner is the Ascon lightweight family of algorithms, which includes mechanisms that can perform authenticated encryption with associated data (AEAD) as well as cryptographic hashing. Ascon was initially designed in 2014 by European cryptographers from Graz University of Technology, Infineon Technologies, Lamarr Security Research and Radboud University. NIST initiated its selection process to standardize LWC algorithms in 2018 and conducted significant analysis of submissions over several years and multiple rounds. NIST plans to publish the standard later in 2023.
Although this announcement is an important step towards standardization, the Cyber Centre continues to advise organizations to wait until the final standard is published and further guidance is released before using this suite of algorithms for secure communication and data storage. It is important to note that lightweight algorithms are designed for constrained use cases and are not recommended for general-use applications. We continue to recommend AES with GCM or CCM for AEAD and the SHA-2 and SHA-3 families for hashing in our guidance for cryptographic algorithms (ITSP.40.111).
About lightweight cryptography
In our National Cyber Threat Assessment 2023-2024, we noted that the rapid expansion of Internet-connected operational technology and smart systems is an evolving cyber security risk. These systems include small devices, such as Internet of Things devices, which have limited resources and for which traditional cryptographic algorithms may be an operational burden.
This is where LWC comes in. LWC has the potential to improve the cyber security of small devices with unique cryptography needs. Whereas traditional cryptography can be very efficient in servers, personal computers and smart phones, LWC offers a solution that reduces the resource requirements of cryptography. These algorithms, while being cryptographically secure, are designed to run efficiently in hardware constrained by physical size and power as well as in software limited by memory and code size. Examples include contactless smart cards, radio frequency identification devices, healthcare devices, distributed control systems and cyber-physical systems.
The Cyber Centre is part of the Communications Security Establishment and is Canada’s authority on cyber security and cryptography. Contact the Cyber Centre by email at [email protected] or by phone at 1-833-CYBER-88 if you have further questions.