NIST is investigating the need for lightweight cryptographic algorithms. This includes looking at applications that may require lightweight algorithms as well as defining possible use cases.
There are several emerging areas in which highly constrained devices are interconnected, typically communicating wirelessly with one another, and working in concert to accomplish some task. Examples of these areas include: sensor networks, healthcare, distributed control systems, the Internet of Things, cyber physical systems, and the smart grid. Security and privacy can be very important in all of these areas. Because the majority of current cryptographic algorithms were designed for desktop/server environments, many of these algorithms do not fit into the constrained resources. If current algorithms can be made to fit into the limited resources of constrained environments, their performance is typically not acceptable.NIST has begun to examine applications in constrained environments to determine whether NIST should develop a lightweight encryption standard. In 2015 NIST held the first workshop on Lightweight Cryptography that included industry, academic and government experts. A second workshop was held in October 2016.
Profiles for the Lightweight Cryptography Standardization Process, contains two draft profiles:
- Profile I – Authenticated Encryption with Associated Data (AEAD) and hashing for constrained software and hardware environments, and
- Profile II – AEAD for constrained hardware environments.
The final versions of these profiles will be the foundation of submission requirements for the first algorithms in NIST’s lightweight cryptography portfolio.
Public Comments on Profiles I & II (Comment period closed: June 16, 2017)
Lightweight Cryptography profiles describe the design goals and physical, performance, and security characteristics for particular classes of algorithms where there has been an identified need for new cryptographic algorithm standards to support constrained devices. As described in NISTIR 8114, NIST intends to propose draft profiles when public feedback and its own technical analysis identifies such a need. Public feedback on draft profiles will be used by NIST to determine whether to proceed with a formal Call for Submissions of algorithms that satisfy requirements of the final profiles.
Submitted algorithms will be made available for public evaluation. As part of this process, NIST will periodically hold workshops to discuss algorithms that are under consideration for NIST’s lightweight cryptography portfolio. These workshops will seek input from the community on cryptanalysis, implementations, and applications of the proposals.
At the end of the process, which may consist of multiple rounds, NIST expects to announce one or more algorithms that satisfy the requirements of different profiles. NIST will issue a report that includes technical rationale for the selection of algorithms to the lightweight cryptography portfolio.