The process for standardization of a lightweight crypto (LWC) algorithm is now complete, and US standards body NIST has selected Ascon as the new standard for LWC. Ascon is an algorithm proposed by an international team of scientists that delivers strong performance and security at a low cost.
Lightweight crypto is symmetric encryption technology that runs well on constrained systems, like IoT. These products are made affordable by using chips with limited capabilities. These chips run on lower clock speeds, may not be able to implement crypto in hardware, and have little memory available. Nevertheless, IoT devices may need to deliver end-to-end security, including real-time video encryption, even with these limitations.
The dominant algorithm for symmetric encryption today is the Advanced Encryption Standard (AES), which can be fast, but also costly in terms of memory or chip surface needs. Also, secure communication requires more than just encryption. There is a need for message integrity, too. While AES can play a role there, secure protocols often also require hashing, for which algorithms like SHA-3 are used.
Ascon, as an LWC solution, uses the newest insights to deliver multiple security services while achieving the same level of security at a lower cost. Rather than just providing encryption, it provides “authenticated encryption,” which means that the algorithm delivers encryption and integrity verification at once. With this, there is no longer a need to implement separate algorithms for encryption and hashing.
The new algorithm is designed to operate on 64-bit operands, and its most frequent steps are ordinary arithmetic operations, supported by any processor. The new algorithm is also interesting for hardware implementation as it needs a low number of gates and can process data using much less energy than AES — particularly useful for battery-powered sensors.
Although Ascon has been designed with the newest insights, it is not immune to common cryptographic threats like side-channel analysis and fault analysis. The first papers claiming successful attacks have already been published, along with potential defense strategies. We expect that Ascon, now becoming standardized, will be a significant ingredient in cybersecurity. We understand the algorithm, and its attacks, and have the expertise to evaluate its implementations. Are you working on a product that uses Ascon? We would be happy to help you evaluate its strengths and make sure your product achieves its intended security.
The Ascon specification is available on the NIST website.