NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices

NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices

The U.S. National Institute of Standards and Technology (NIST) has announced that a family of authenticated encryption and hashing algorithms known as Ascon will be standardized for lightweight cryptography applications.

“The chosen algorithms are designed to protect information created and transmitted by the Internet of Things (IoT), including its myriad tiny sensors and actuators,” NIST said. “They are also designed for other miniature technologies such as implanted medical devices, stress detectors inside roads and bridges, and keyless entry fobs for vehicles.”

Put differently, the idea is to adopt security protections via lightweight cryptography in devices that have a “limited amount of electronic resources.” That said, NIST still recommends the Advanced Encryption Standard (AES) and SHA-256 for general use.

Ascon is credited to a team of cryptographers from the Graz University of Technology, Infineon Technologies, Lamarr Security Research, and Radboud University.

The suite comprises authenticated ciphers ASCON-128, ASCON-128a, and a variant called ASCON-80pq that comes with resistance against quantum key-search. It also offers a set of hash functions ASCON-HASH, ASCON-HASHA, ASCON-XOF, and ASCON-XOFA.

It’s primarily aimed at constrained devices, and is said to be “easy to implement, even with added countermeasures against side-channel attacks,” according to its developers. This means that even if an adversary manages to glean sensitive information about the internal state during data processing, it cannot be leveraged to recover the secret key.

Ascon is also engineered to provide authenticated encryption with associated data (AEAD), which makes it possible to bind ciphertext to additional information, such as a device’s IP address, to authenticate the ciphertext and prove its integrity.

“The algorithm ensures that all of the protected data is authentic and has not changed in transit,” NIST said. “AEAD can be used in vehicle-to-vehicle communications, and it also can help prevent counterfeiting of messages exchanged with the radio frequency identification (RFID) tags that often help track packages in warehouses.”

Implementations of the algorithm are available in different programming languages, such as C, Java, Python, and Rust, in addition to hardware implementations that offer side-channel protections and energy efficiency.

When reached for comment, the Ascon team told The Hacker News that it’s looking forward to the standardization process in the coming months.

“While we’ve already been working on Ascon for almost 10 years, this decision will trigger interesting new questions related to practical requirements and thus advance the research further,” Maria Eichlseder, assistant professor of cryptography at Graz University of Technology, said.

“We also see this as a great opportunity for further research in secure implementations of Ascon and related designs, such as ISAP.”