NIST has initiated a process to solicit, evaluate, and standardize lightweight cryptographic algorithms that are suitable for use in constrained environments where the performance of current NIST cryptographic standards is not acceptable. In August 2018, NIST published a call for algorithms (test vector generation code) to be considered for lightweight cryptographic standards with authenticated encryption with associated data (AEAD) and optional hashing functionalities. The deadline for submitting algorithms has passed. NIST received 57 submissions to be considered for standardization. After the initial review of the submissions, 56 were selected as Round 1 candidates. Of the 56 Round 1 candidates, 32 were selected to advance to Round 2.

In March 2021, NIST announced ten finalists as ASCON, Elephant, GIFT-COFB, Grain128-AEAD, ISAP, Photon-Beetle, Romulus, Sparkle, TinyJambu, and Xoodyak.

Next Steps

The final round of evaluation is expected to conclude late in 2022.

Acknowledgements

The success of the NIST Lightweight Crypto Standardization process relies on the efforts of the researchers from the cryptographic community that provide security, implementation and performance analysis of the candidate algorithms. NIST strongly encourages public evaluation and publication of the results throughout the process.

NIST thanks the submission teams, who developed and designed the candidates and the cryptographic community, who analyzed the candidates, shared their comments through the lwc-forum, and published papers on various technical aspects of the candidates.

NIST also thanks the developers who provided optimized implementations of the candidates, as well as the hardware and software benchmarking initiatives, for their contributions in understanding the performance characteristics of the algorithms on various target platforms.