The U.S. National Institute of Standards and Technology (NIST) has announced that a family of authenticated encryption and hashing algorithms known as Ascon will be standardized for lightweight cryptography applications.
“The chosen algorithms are designed to protect information created and transmitted by the Internet of Things (IoT), including its myriad tiny sensors and actuators,” NIST said. “They are also designed for other miniature technologies such as implanted medical devices, stress detectors inside roads and bridges, and keyless entry fobs for vehicles.”
Put differently, the idea is to adopt security protections via lightweight cryptography in devices that have a “limited amount of electronic resources.”
Ascon is credited to a team of cryptographers from the Graz University of Technology, Infineon Technologies, Lamarr Security Research, and Radboud University.
The suite comprises authenticated ciphers ASCON-128, ASCON-128a, and a variant called ASCON-80pq that comes with resistance against quantum key-search. It also offers a set of hash functions ASCON-HASH, ASCON-HASHA, ASCON-XOF, and ASCON-XOFA.
It’s primarily aimed at constrained devices, and is said to be “easy to implement, even with added countermeasures against side-channel attacks,” according to its developers. This means that even if an adversary manages to glean sensitive information about the internal state during data processing, it cannot be leveraged to recover the secret key.
Ascon is also engineered to provide authenticated encryption with associated data (AEAD), which makes it possible to bind ciphertext to additional information, such as a device’s IP address, to authenticate the ciphertext and prove its integrity.
“The algorithm ensures that all of the protected data is authentic and has not changed in transit,” NIST said. “AEAD can be used in vehicle-to-vehicle communications, and it also can help prevent counterfeiting of messages exchanged with the radio frequency identification (RFID) tags that often help track packages in warehouses.”
Implementations of the algorithm are available in different programming languages, such as C, Java, Python, and Rust, in addition to hardware implementations that offer side-channel protections and energy efficiency.
