The National Institute of Standards and Technology (NIST) has unveiled its “lightweight cryptography” standard for small network devices after years of review.
Released on Wednesday, NIST’s standard can help protect information created and transmitted by Internet of Things (IoT) devices and other small electronics – such as medical implants – which often contain less computing components than other devices but still need protection from cyberattacks.
“It’s the little things that matter most, as the saying goes,” said the agency. “NIST’s newly finalized lightweight cryptography standard provides a defense from cyberattacks for even the smallest of networked electronic devices.”
The standard was based on cryptographic algorithms in the Ascon family, released by NIST in 2023 with the aim of later transforming into the standard released this week.
Four variants within the Ascon standard include focus on authenticated encryption with associated data and hashing that “give designers different options for different use cases.”
“We encourage the use of this new lightweight cryptography standard wherever resource constraints have hindered the adoption of cryptography,” said NIST computer scientist Kerry McKay, who co-led the project.
“We’ve taken the community’s feedback and tried to provide a standard that can be easily followed and implemented, but we are also trying to be forward-looking in terms of being able to build on it,” she added.
While the standard can be used immediately, McKay said that following feedback from the design community, the agency is looking to expand the standard to meet future needs.
“There are additional functionalities people have requested that we might add down the road, such as a dedicated message authentication code,” said McKay, adding that “we plan to start considering these possibilities very soon.”