NIST has initiated a process to solicit, evaluate, and standardize lightweight cryptographic algorithms that are suitable for use in constrained environments where the performance of current NIST cryptographic standards is not acceptable.
NIST has published a call for algorithms to be considered for lightweight cryptographic standards. Proposals must be received by NIST on or before February 25, 2019. However, NIST allows the authors to amend their submission through March 29, 2019. The intention is to allow the authors to complete and correct their submissions, but not to introduce major changes to the cover sheet or the algorithm specification. We hope that this extra flexibility will be sufficient to mitigate the impact of the shutdown.
The call for submissions was announced August 27, 2018 as a Federal Register Announcement.
NIST will hold a workshop on November 4-6, 2019 in Gaithersburg, MD, to discuss candidate algorithms, including design strategies, implementations, performance, cryptanalysis, and target applications.
There are several emerging areas in which highly-constrained devices are interconnected, typically communicating wirelessly with one another, and working in concert to accomplish some task. Examples of these areas include: sensor networks, healthcare, distributed control systems, the Internet of Things, cyber physical systems, and the smart grid. Security and privacy can be very important in all of these areas. Because the majority of current cryptographic algorithms were designed for desktop/server environments, many of these algorithms do not fit into the constrained resources. If current algorithms can be made to fit into the limited resources of constrained environments, their performance may not be acceptable.
NIST has held two workshops on Lightweight Cryptography that included experts from industry, academia, and government:
NISTIR 8114, Report on Lightweight Cryptography, was published in March 2017. It provides an overview of the project and describes NIST’s plans for standardization of lightweight cryptographic algorithms.
Public comments on NISTIR 8114. (Comment period closed: October 31, 2016)
NIST published a (draft) White Paper, Profiles for the Lightweight Cryptography Standardization Process, in April 2017.
Public Comments on the draft White Paper (Comment period closed: June 16, 2017).
The Draft Submission Requirements and Evaluation Criteria for the Lightweight Cryptography Standardization Process public comment period closed June 28, 2018. The call for comments was announced May 14, 2018 as a Federal Register Notice
The initial phase of evaluation will consist of approximately twelve months of public review of the submitted algorithms. During this initial review period, NIST intends to evaluate the submitted algorithms as outlined in the call for submissions. Depending on the number of submissions, NIST may eliminate algorithms from consideration early in the first evaluation phase in order to focus analysis on the strongest submissions. A workshop will be held ten to eleven months after the submission deadline to discuss analysis of first round candidates. NIST will review the public evaluations of the submitted algorithms’ cryptographic strengths and weaknesses, implementation costs, and implementation performance and will use these to narrow the candidate pool for more careful study and analysis. The purpose of this selection process is to identify candidates that are suitable for standardization in the near future. Algorithms that are not included in the narrowed pool may still be considered for standardization at a later date, unless they are explicitly removed from consideration by NIST or the submitter.