Man
Professional
- Messages
- 3,077
- Reaction score
- 614
- Points
- 113
Ascon cipher mode, see the list of symbols[/URL] in the diagram.
In February 2023, the National Institute of Standards and Technology (NIST) selected a lightweight cryptography standard for RFID, sensors, the Internet of Things, and other devices with limited hardware resources. The winner of the competition was the Ascon cipher family (zip file, specs, changelog).
Nowadays, miniature devices and sensors are beginning to be used for a variety of tasks, from sensing and identification to machine control. These miniature applications include:
- implantable medical devices;
- pressure sensors on roads and bridges;
- Car keychains.
By definition, standard cryptographic operations with large data blocks are not feasible there. At the same time, it is critical to protect information from such sensors from counterfeiting. For such applications, NIST came up with lightweight cryptography. A competition was announced in 2018 to determine the standard.
Having received 57 applications, the organization conducted a multi-stage procedure for eliminating candidates, trying to find the weak points of each algorithm. At some point, NIST experts decided to exclude very strong Simon and Speck ciphers from the NSA from the competition due to a lack of trust. In 2013, it became known about the NSA's bookmark in the Dual_EC_DRBG pseudorandom number generator, which tarnished the reputation of this organization in the eyes of the cryptographic community.
In the end, the list was reduced to ten finalists. Each family of algorithms has its own advantages and disadvantages. As stated in the report on the results of the second round, almost all the proposed ciphers use a combination of easy-to-implement substitution and permutation operations to operate.
The main criterion was security, but the competition jury also assessed the performance and flexibility of the algorithm in terms of speed, size and energy consumption. In the end, the winner was Ascon.
Ascon Family
The Ascon family was developed in 2014 by a group of cryptographers from the Graz University of Technology (Austria), Infineon Technologies, Lamarr Security Research and Radboud University.
Maria Eichlseder, one of the developers of Ascon
This algorithm can already be called proven. In 2019, it was chosen as the main variant of lightweight encryption in the finals of the CAESAR competition, that is, it has stood the test of time and the assessment of the cryptographic community.
Currently, the Ascon family includes seven ciphers. Some or all of them may become part of the official NIST standard (it will be published later). The variants provide a wide range of functionality that will offer developers options for solving various problems.
The two most important problems in lightweight cryptography are:
- Authenticated Encryption with Associated Data (AEAD);
- hashing.
Ascon ciphers successfully solve these problems.
Parameters of the recommended Ascon authenticated encryption schemes
Parameters of the recommended Ascon hashing algorithms
AEAD encrypts the message, but also allows additional information (such as the message header or the IP address of the device) to be included in the clear. The algorithm ensures that all protected data is authentic and has not been modified during transmission. AEAD can be used for vehicle-to-vehicle communication, and it guarantees the authenticity of messages from RFID tags, which are often used to track packages.
Hashing creates a short digital fingerprint of the message, and its applications are well known.
Currently, the most effective and officially approved AEAD method is AES (FIPS 197) in Galois/Counter Mode (SP 800-38D), while SHA-256 (FIPS 180-4) is widely used for hashing. These standards remain valid for general use.
The purpose of adopting new standards is not to replace AES or SHA-256. They remain robust and NIST-recommended algorithms. And they are still recommended for use on devices that have no limitations on computing resources. Many processors have built-in instructions to hardware-accelerate such operations. In addition, these algorithms are included in many protocols and should continue to be supported for compatibility purposes.
At the same time, Ascon requires a minimal microcontroller and only twelve registers (ten status registers and two temporary ones). The table shows the performance of Ascon-128 in CPU cycles per byte of ciphertext (source):
The official NIST standard for lightweight cryptography will be published later in 2023.
Source
