There are several emerging areas in which highly constrained devices are interconnected, typically communicating wirelessly with one another, and working in concert to accomplish some task. Examples of these areas include: sensor networks, healthcare, distributed control systems, the Internet of Things, cyber physical systems, and the smart grid. Security and privacy can be very important in all of these areas. Because the majority of current cryptographic algorithms were designed for desktop/server environments, many of these algorithms do not fit into the constrained resources. If current algorithms can be made to fit into the limited resources of constrained environments, their performance is typically not acceptable.
NIST has begun to examine applications in constrained environments to determine whether NIST should develop a lightweight encryption standard. In 2015 NIST held the first workshop on Lightweight Cryptography that included industry, academic and government experts. The second workshop is planned for October 2016.
Draft Profiles
Profiles for the Lightweight Cryptography Standardization Process, contains two draft profiles:
- Profile I – Authenticated Encryption with Associated Data (AEAD) and hashing for constrained software and hardware environments, and
- Profile II – AEAD for constrained hardware environments.
The final versions of these profiles will be the foundation of submission requirements for the first algorithms in NIST’s lightweight cryptography portfolio.
Public Comments Received (comment period closed June 16, 2017)
Profile Development
Lightweight Cryptography profiles describe the design goals and physical, performance, and security characteristics for particular classes of algorithms where there has been an identified need for new cryptographic algorithm standards to support constrained devices. As described in NISTIR 8114, NIST intends to propose draft profiles when public feedback and its own technical analysis identifies such a need. Public feedback on draft profiles will be used by NIST to determine whether to proceed with a formal Call for Submissions of algorithms that satisfy requirements of the final profiles.
Submitted algorithms will be made available for public evaluation. As part of this process, NIST will periodically hold workshops to discuss algorithms that are under consideration for NIST’s lightweight cryptography portfolio. These workshops will seek input from the community on cryptanalysis, implementations, and applications of the proposals.
At the end of the process, which may consist of multiple rounds, NIST expects to announce one or more algorithms that satisfy the requirements of different profiles. NIST will issue a report that includes technical rationale for the selection of algorithms to the lightweight cryptography portfolio.
Publications
NISTIR 8114: Report on Lightweight Cryptography (March 2017)
- Public comments received on Draft NISTIR 8114 (comment deadline: October 31, 2016)
lwc-forum
A lwc-forum@nist.gov email mailing list has been established for dialogue regarding NIST's Lightweight Cryptography project. It is an unmoderated mailing list; messages addressed to this list are immediately distributed to all the addresses on the list. Only members are allowed to post messages to the list; however, anyone who wishes to do so may add themselves to the list.
- Listproc will use the return address from the header of your e-mail message.
- To unsubscribe:
mailto:lwc-forum-request@nist.gov?subject=unsubscribe