NIST Standardizes Lightweight Cryptography for IoT Devices

There is now an official NIST standard for “lightweight cryptography”.

It brings together four algorithms offering 128-bit security. Their target: IoT, embedded systems, and more generally environments where resources are too constrained for conventional algorithms. They perform two functions: hashing (as an alternative to SHA) and authenticated encryption with associated data (AEAD), as an alternative to AES.

These algorithms are all from the ASCON family. They were developed by Christoph Dobraunig (Intel), Maria Eichlseder (Graz University of Technology), Florian Mendel (Infineon) and Martin Schläffer (Infineon).

A common foundation to streamline implementations

ASCON-128 AEAD can encrypt data and/or verify its authenticity. It is designed to make implementations that resist side-channel attacks easier to build.

ASCON-Hash 256 is a hash function alternative to the SHA-3 algorithms.
ASCON-XOF 128 is another in the family, notable for allowing the hash length to be changed (which lightens the encryption process).
ASCON-CXOF 128 is a variant that adds the possibility of attaching a “label” (a short string) to prevent hash collisions.

All of these features rely on the same permutations, a shared logic that makes implementations even more compact.
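To make the shared-permutation point concrete, here is an added sketch (not code from the article or from NIST) in which one 12-round permutation and one sponge routine serve the hash, the XOF and the CXOF, which differ only in initial value and the optional label. The initial values, padding and little-endian byte order follow NIST SP 800-232 as an assumption to check against the official test vectors, and the function names are hypothetical.

```python
MASK = (1 << 64) - 1
ROUND_CONSTANTS = [0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87, 0x78, 0x69, 0x5a, 0x4b]
ROTATIONS = [(19, 28), (61, 39), (1, 6), (10, 17), (7, 41)]

def rotr(x, n):
    return ((x >> n) | (x << (64 - n))) & MASK

def permute(s):
    """12-round Ascon permutation over five 64-bit words, in place."""
    for c in ROUND_CONSTANTS:
        s[2] ^= c                                  # round constant
        s[0] ^= s[4]; s[4] ^= s[3]; s[2] ^= s[1]   # bitsliced 5-bit S-box
        t = [(s[i] ^ MASK) & s[(i + 1) % 5] for i in range(5)]
        for i in range(5):
            s[i] ^= t[(i + 1) % 5]
        s[1] ^= s[0]; s[0] ^= s[4]; s[3] ^= s[2]; s[2] ^= MASK
        for i, (a, b) in enumerate(ROTATIONS):     # linear diffusion per word
            s[i] ^= rotr(s[i], a) ^ rotr(s[i], b)

def absorb(s, data):
    """Pad with 0x01 then zeros to 8-byte blocks; XOR each into word 0, permute."""
    padded = data + b"\x01" + bytes(7 - len(data) % 8)
    for i in range(0, len(padded), 8):
        s[0] ^= int.from_bytes(padded[i:i + 8], "little")
        permute(s)

def sponge(iv, message, out_len, label=None):
    s = [iv, 0, 0, 0, 0]
    permute(s)
    if label is not None:                          # CXOF: bit length, then label
        s[0] ^= len(label) * 8
        permute(s)
        absorb(s, label)
    absorb(s, message)
    out = b""
    while len(out) < out_len:                      # squeeze 8 bytes per call
        out += s[0].to_bytes(8, "little")
        permute(s)
    return out[:out_len]

# Initial values assumed from SP 800-232; only these and the label differ.
def ascon_hash256(m): return sponge(0x0000080100CC0002, m, 32)
def ascon_xof128(m, n): return sponge(0x0000080000CC0003, m, n)
def ascon_cxof128(m, n, label): return sponge(0x0000080000CC0004, m, n, label)

if __name__ == "__main__":
    msg = b"sensor-42 reading"                     # constructed sample input
    print(ascon_hash256(msg).hex())
    print(ascon_cxof128(msg, 16, b"fw-update").hex())
```

A shorter XOF output is a prefix of a longer one for the same input, so output length alone does not separate uses; the CXOF label is what does.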

NIST officially launched its lightweight cryptography standardization process ten years ago. It selected ASCON as the working basis in 2023, following a multi-round process that began in 2018.

Dawn Liphardt
