U.S. flag   An official website of the United States government

Lightweight Cryptography

Project Overview

There are several emerging areas (e.g. sensor networks, healthcare, distributed control systems, the Internet of Things, cyber physical systems) in which highly-constrained devices are interconnected, typically communicating wirelessly with one another, and working in concert to accomplish some task. Because the majority of current cryptographic algorithms were designed for desktop/server environments, many of these algorithms do not fit into constrained devices.  

NIST has initiated a process to solicit, evaluate, and standardize lightweight cryptographic algorithms that are suitable for use in constrained environments where the performance of current NIST cryptographic standards is not acceptable. NIST has published a call for algorithms (test vector generation code) to be considered for lightweight cryptographic standards. The deadline for submitting algorithms has passed.

Round 1 Candidates

NIST received 57 submissions to be considered for standardization. After the initial review of the submissions, 56 were selected as Round 1 Candidates.   

Round 2 Candidates

Due to the large number of submissions and the short timeline of the NIST lightweight cryptography standardization process, some of the candidates were eliminated from consideration early in the first evaluation phase in order to focus analysis on the more promising candidates. Of the 56 Round 1 candidates, 32 were selected to continue to Round 2.

Round 2 Candidate Status Updates

NIST invited submitters of the Round 2 candidates to provide a short (up to 5 pages) update on their algorithms. Specifically, NIST was interested in updates on:

  • new proofs/arguments supporting the security claims,
  • new software and hardware implementations (including ones that protect against side channel attacks),
  • new third-party analysis and its implications,
  • platforms and metrics in which the candidate performs better than current NIST standards,
  • target applications and use cases for which the candidate is optimized,
  • planned tweak proposals, if submission accepted as a finalist, and
  • any other relevant information.

27 submission teams submitted updates, which can be found on the Round 2 Candidates page. 


On March 29, 2021, NIST announced the finalists as ASCON, Elephant, GIFT-COFB, Grain128-AEAD, ISAP, Photon-Beetle, Romulus, Sparkle, TinyJambu, and Xoodyak

Guidelines for preparing finalist submission packages to the NIST lightweight cryptography standardization process
May 17, 2021

NIST is inviting the finalist teams to provide updated submission packages for the last round of the NIST Lightweight Cryptography Standardization Process. In this round, submitters are allowed to make design modifications (i.e., tweaks) to improve the security or the performance of their candidates. As a general guideline, NIST expects these modifications to be relatively minor, and not invalidating previous security analysis. Larger modifications may signal that the algorithm is not mature enough for standardization for some time. It is acceptable to add new variants or remove a subset of the existing variants. Additionally, it is also acceptable to change the designation of the primary to another previously submitted variant. NIST requires a short document explaining what changes were made to the design and the reasons for the changes.

For submissions that provide both AEAD and hashing functionalities, NIST recommends that submitters also include a combined software implementation of at least the primary AEAD variant and the primary hash variant as a separate implementation supporting both functionalities. Sample source code for the combined implementation is provided.

The packages must meet the same submission requirements and the minimum acceptability criteria as specified in the original call for algorithms. NIST does not require new signed intellectual property statements unless new team members have been added or the status of intellectual property for the submission has changed. If either of these cases apply, please contact NIST in advance.

Submission packages must be sent to lightweight-crypto@nist.gov by 9:00PM EDT May 17, 2021. If the deadline poses a problem, please contact NIST in advance. NIST will review the submitted packages as quickly as possible and post the candidate submission packages which are “complete and proper” on the LWC project webpage. General questions may be asked on the lwc-forum. For more specific questions, please contact NIST at lightweight-crypto@nist.gov.

Software Benchmarking

Hardware Benchmarking

Next Steps

  • The final round of the standardization process is expected to last approximately 12 months. NIST will give the finalist submission teams the opportunity to provide updated specifications and implementations. Further guidelines on the tweak proposals will be provided soon.


Date Event
July 20-21, 2015  First Lightweight Cryptography Workshop at NIST 
August 11, 2016  (Draft) NISTIR 8114 is published. 
October 17-18, 2016 Second Lightweight Cryptography Workshop at NIST   
October 31, 2016  End of public comment period to Draft NISTIR 8114 
Public comments received (August 11 - October 31,2016) 

March 28, 2017 

NISTIR 8114, Report on Lightweight Cryptography is published. 
April 26, 2017 (Draft) Profiles for Lightweight cryptography standardization process is published. 
June 16, 2017  Public comments received (April 26 - June 16, 2017) 
May 14, 2018  (Draft) Submission Requirements and Evaluation Criteria for the Lightweight cryptography standardization process is published.
May 14, 2018 Federal Register Notice is published. 
June 28, 2018  End of public comment period to the submission requirement. 
Public comments received (May 14-June 28, 2018). 
August 27, 2018 Federal Register Notice is published
August 27, 2018  Submission Requirements and Evaluation Criteria for the Lightweight Cryptography Standardization Process is published.
January 4, 2019 Early submission deadline for early feedback 
February 25, 2019  Submission deadline
March 29, 2019 Amendment Deadline
April 18, 2019  Announcement of the Round 1 Candidates
August 30, 2019 Announcement of Round 2 Candidates
October 7, 2019 NISTIR 8268, Status Report on the First Round of the NIST Lightweight Cryptography Standardization Process is published
November 4-6, 2019  Third Lightweight Cryptography Workshop at NIST
October 19-21, 2020 Fourth Lightweight Cryptography Workshop (virtual)
March 29, 2021 Announcement of Finalist Candidates



Lightweight Crypto Technical Inquiries

Lawrence Bassham

Çağdaş Çalık

Donghoon Chang

Jinkeon Kang

John Kelsey

Kerry McKay

Meltem Sönmez Turan


Security and Privacy: cryptography

Created January 03, 2017, Updated April 14, 2021