NIST has initiated a process to solicit, evaluate, and standardize lightweight cryptographic algorithms that are suitable for use in constrained environments where the performance of current NIST cryptographic standards is not acceptable.
The Draft Submission Requirements and Evaluation Criteria for the Lightweight Cryptography Standardization Process is currently available for review and public comment. The public comment period closes on June 28, 2018.
Federal Register Notice
There are several emerging areas in which highly-constrained devices are interconnected, typically communicating wirelessly with one another, and working in concert to accomplish some task. Examples of these areas include: sensor networks, healthcare, distributed control systems, the Internet of Things, cyber physical systems, and the smart grid. Security and privacy can be very important in all of these areas. Because the majority of current cryptographic algorithms were designed for desktop/server environments, many of these algorithms do not fit into the constrained resources. If current algorithms can be made to fit into the limited resources of constrained environments, their performance may not be acceptable.
NIST has held two workshops on Lightweight Cryptography that included experts from industry, academia, and government:
NISTIR 8114, Report on Lightweight Cryptography, was published in March 2017. It provides an overview of the project and describes NIST’s plans for standardization of lightweight cryptographic algorithms.
Public comments on NISTIR 8114. (Comment period closed: October 31, 2016)
NIST published a (draft) White Paper, Profiles for the Lightweight Cryptography Standardization Process, in April 2017.
Public Comments on the draft White Paper (Comment period closed: June 16, 2017).
The initial phase of evaluation will consist of approximately twelve months of public review of the submitted algorithms. During this initial review period, NIST intends to evaluate the submitted algorithms as outlined in the call for submissions. Depending on the number of submissions, NIST may eliminate algorithms from consideration early in the first evaluation phase in order to focus analysis on the strongest submissions. A workshop will be held ten to eleven months after the submission deadline to discuss analysis of first round candidates. NIST will review the public evaluations of the submitted algorithms’ cryptographic strengths and weaknesses, implementation costs, and implementation performance and will use these to narrow the candidate pool for more careful study and analysis. The purpose of this selection process is to identify candidates that are suitable for standardization in the near future. Algorithms that are not included in the narrowed pool may still be considered for standardization at a later date, unless they are explicitly removed from consideration by NIST or the submitter.