The National Institute of Standards and Technology (NIST) has announced that a family of authenticated encryption and hashing algorithms known as Ascon will be standardized for lightweight cryptographic applications.
“Selected algorithms are designed to protect the information created and transmitted by the Internet of Things (IoT), including myriad tiny sensors and actuators,” NIST said. It is also designed for other compact technologies such as implantable medical devices, stress detectors inside roads and bridges, and keyless entry fobs for vehicles. “
In other words, the idea is to employ lightweight cryptographic security protections for devices with “limited amounts of electronic resources.”
Ascon is credited to Graz University of Technology, Infineon Technologies, Lamarr Security Research, and a team of cryptographers from Radboud University.
The suite consists of authenticated ciphers ASCON-128, ASCON-128a, and a variant called ASCON-80pq that is resistant to quantum key searches. It also provides a set of hash functions ASCON-HASH, ASCON-HASHA, ASCON-XOF, and ASCON-XOFA.
It is primarily intended for constrained devices and is said by its developers to be “easier to implement, even with additional countermeasures against side-channel attacks.” In other words, even if an adversary can glean sensitive information about internal state during data processing, it cannot be used to recover the private key.
Ascon is also designed to provide authenticated encryption with associated data (AEAD). This allows you to bind the ciphertext to additional information, such as the device’s IP address, to authenticate the ciphertext and prove its integrity.
“This algorithm ensures that all protected data is genuine and has not been altered in transit,” NIST said. “AEAD can be used for vehicle-to-vehicle communication and also helps prevent forgery of messages exchanged with radio frequency identification (RFID) tags, which are often useful in tracking packages in warehouses.”
Implementations of the algorithms are available in various programming languages such as C, Java, Python, and Rust, along with hardware implementations that provide side-channel protection and energy efficiency.
