Date Published: November 8, 2024
Comments Due:
Email Questions to:
Planning Note (02/27/2025):
See the public comments submitted to NIST.
Author(s)
Meltem Sönmez Turan (NIST), Kerry McKay (NIST), Donghoon Chang (Strativia), Jinkeon Kang (NIST), John Kelsey (NIST)
Announcement
This draft standard introduces a new Ascon-based family of symmetric-key cryptographic primitives that provides robust security, efficiency, and flexibility. With its compact state and range of cryptographic functions, it is ideal for resource-constrained environments, such as Internet of Things (IoT) devices, embedded systems, and low-power sensors. This standard includes multiple algorithms to meet a wide range of symmetric cryptographic needs, including the Authenticated Encryption with Associated Data (AEAD) scheme Ascon-AEAD128, the hash function Ascon-Hash256, and the Extendable Output Functions (XOFs) Ascon-XOF128 and Ascon-CXOF128.
In 2023, the National Institute of Standards and Technology (NIST) announced the selection of the Ascon family of algorithms designed by Dobraunig, Eichlseder, Mendel, and Schläffer to provide efficient cryptography solutions for resource-constrained devices. This decision emerged from a rigorous, multi-round lightweight cryptography standardization process. This standard introduces a new Ascon-based family of symmetric-key cryptographic primitives designed to deliver Authenticated Encryption with Associated Data (AEAD), hash, and Extendable Output Function (XOF) capabilities, namely Ascon-AEAD128, Ascon-Hash256, Ascon-XOF128, and Ascon-CXOF128. The Ascon family is characterized by lightweight permutation-based primitives and provides robust security, efficiency, and flexibility, making it ideal for resource-constrained environments, such as Internet of Things (IoT) devices, embedded systems, and low-power sensors. The family is developed to offer a viable alternative when the Advanced Encryption Standard (AES) may not perform optimally. This draft standard outlines the technical specifications of Ascon-AEAD128, Ascon-Hash256, Ascon-XOF128, and Ascon-CXOF128, and provides their security properties.
In 2023, the National Institute of Standards and Technology (NIST) announced the selection of the Ascon family of algorithms designed by Dobraunig, Eichlseder, Mendel, and Schläffer to provide efficient cryptography solutions for resource-constrained devices. This decision emerged from a rigorous,...
See full abstractIn 2023, the National Institute of Standards and Technology (NIST) announced the selection of the Ascon family of algorithms designed by Dobraunig, Eichlseder, Mendel, and Schläffer to provide efficient cryptography solutions for resource-constrained devices. This decision emerged from a rigorous, multi-round lightweight cryptography standardization process. This standard introduces a new Ascon-based family of symmetric-key cryptographic primitives designed to deliver Authenticated Encryption with Associated Data (AEAD), hash, and Extendable Output Function (XOF) capabilities, namely Ascon-AEAD128, Ascon-Hash256, Ascon-XOF128, and Ascon-CXOF128. The Ascon family is characterized by lightweight permutation-based primitives and provides robust security, efficiency, and flexibility, making it ideal for resource-constrained environments, such as Internet of Things (IoT) devices, embedded systems, and low-power sensors. The family is developed to offer a viable alternative when the Advanced Encryption Standard (AES) may not perform optimally. This draft standard outlines the technical specifications of Ascon-AEAD128, Ascon-Hash256, Ascon-XOF128, and Ascon-CXOF128, and provides their security properties.
Hide full abstractKeywords
ASCON; authenticated encryption; constrained devices; extendable output function (XOF); hash function; lightweight cryptography; permutation-based cryptography; standardizationControl Families
None selected
