The National Institute of Standards and Technology has initiated a process to solicit, evaluate, and standardize lightweight cryptographic algorithms that are suitable for use in constrained environments where the performance of current NIST cryptographic standards is not acceptable.
There are several emerging areas in which highly-constrained devices are interconnected, typically communicating wirelessly with one another, and working in concert to accomplish some task. Examples of these include: sensor networks, healthcare, distributed control systems, the internet of things devices, cyber physical systems, and the smart grid. Security and privacy is vitally important in all of these areas, NIST said.
Because the majority of current cryptographic algorithms were designed for desktop/server environments, many of these algorithms do not fit into the constrained resources listed above. If current algorithms can be made to fit into the limited resources of constrained environments, their performance may not be adequate, according to NIST.
The initial phase of evaluation will consist of approximately 12 months of public review of the submitted algorithms. During this initial review period, NIST intends to evaluate the submitted algorithms as outlined in the call for submissions. Depending on the number of submissions, NIST may eliminate algorithms from consideration early in the first evaluation phase to focus analysis on the strongest submissions. NIST said a workshop will be held 10 to 11 months after the submission deadline to discuss analysis of first round candidates.
NIST will then review the public evaluations of the submitted algorithms’ cryptographic strengths and weaknesses, implementation costs, and implementation performance and will use these to narrow the candidate pool for more careful study and analysis. The purpose of this selection process is to identify candidates that are suitable for standardization in the near future, NIST said. Algorithms that are not included in the narrowed pool may still be considered for standardization at a later date, unless they are explicitly removed from consideration by NIST or the submitter.
NIST published a call for algorithms to be considered for lightweight cryptographic standards. Proposals must be received by NIST on or before February 25, 2019.
The following links contain the submission requirements and the code needed for reference implementations.
The call for submissions was announced August 27, 2018 as a Federal Register Announcement.
NIST has held two workshops on Lightweight Cryptography that included experts from industry, academia, and government:
NISTIR 8114, Report on Lightweight Cryptography, was published in March 2017, and provides an overview of the project and describes NIST’s plans for standardization of lightweight cryptographic algorithms. Public comments on NISTIR 8114. (Comment period closed: October 31, 2016)
NIST published a (draft) White Paper, Profiles for the Lightweight Cryptography Standardization Process, in April 2017. Public Comments on the draft White Paper (Comment period closed: June 16, 2017).
The Draft Submission Requirements and Evaluation Criteria for the Lightweight Cryptography Standardization Process public comment period closed June 28, 2018. The call for comments was announced May 14, 2018 as a Federal Register Notice. Public comments received (May 14-June 28, 2018).