Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Projects

Lightweight Cryptography

Overview

NIST began investigating cryptography for constrained environments in 2013. After two workshops and discussions with stakeholders in industry, government, and academia, NIST initiated a process to solicit, evaluate, and standardize schemes providing authenticated encryption with associated data (AEAD) and optional hashing functionalities for constrained environments where the performance of current NIST cryptographic standards is not acceptable. In 2018, NIST published a call for algorithms to describe the requirements, selection process and the evaluation criteria.  

  • Round 1. In March 2019, NIST received 57 submissions to be considered for standardization. The first round of the NIST lightweight cryptography standardization process began with the announcement of 56 Round 1 in April 2019 and ended in August 2019. NISTIR 8268 explains the evaluation of the first-round candidates and names 32 candidate algorithms advancing to the second round of the evaluation process.  
  • Round 2. The second round of the NIST lightweight cryptography standardization process began when NIST announced the 32 Round 2 in August 2019 and concluded when the finalists were announced in March 2021. NISTIR 8369 explains the evaluation of the second-round candidates and names 10 finalists.  
  • Final Round. The final round of the process began with the announcement of the 10 finalists and ended when NIST announced the selection of the Ascon family in February 2023. NISTIR 8454 describes the evaluation of the finalists and explains the selection of the Ascon family.   

The timeline of the standardization process is provided here

Standardization Phase 

The initial public draft (ipd) of Special Publication (SP) 800-232, Ascon-Based Lightweight Cryptography Standards for Constrained Devices: Authenticated Encryption, Hash, and Extendable Output Functions, is now available for public comment. Please send your comments to [email protected] by February 7, 2025

Acknowledgments 

NIST thanks the submission teams, who developed and designed the candidates; the cryptographic community, who analyzed the candidates, shared their comments through the lwc-forum, and published papers on various technical aspects of the candidates; the developers who provided optimized implementations of the candidates; and organizers of hardware and software benchmarking initiatives, for their contributions in understanding the performance characteristics of the algorithms on various target platforms.  

Contacts

Lightweight Crypto Technical Inquiries
[email protected]

Donghoon Chang

John Kelsey

Kerry McKay

Meltem Sönmez Turan

Noah Waller

Topics

Security and Privacy: lightweight cryptography

Created January 03, 2017, Updated November 08, 2024