Sergey Nivens - Fotolia

What is NIST's guidance on lightweight cryptography?

NIST released a report on lightweight cryptography. Expert Judith Myerson reviews what the report covers and what NIST recommends for standardization.

NIST just published a report on lightweight cryptography. What did it find and recommend?

In March 2017, NIST published its long-awaited final report on lightweight cryptography. This report, NISTIR 8114, summarizes the findings of NIST's lightweight cryptography project and provides a roadmap to standardization of lightweight cryptography algorithms.

All conventional, NIST-approved cryptographic standards perform well on high-end devices, including desktops, servers and tablets. However, NIST found that performance may not be acceptable when conventional standards are implemented on low-end devices. For example, embedded systems, radio frequency IDs (RFIDs) and sensors have physical limitations. The number of gate equivalents is very small. These devices require cryptographic algorithms that can meet stringent timing and power requirements.

For example, passive RFID tags that are not battery-powered are activated by a limited amount of power from a mobile or wall-mounted RFID reader. These tags have a total count of 1,000 to 10,000 gates. Only 100 to 2,000 gates may be used for security purposes.

NIST proposed a template for profiles. One or more characteristic fields or design goal fields may be blank.

  • Functionality (e.g., encryption, hashing, message authentication)
  • Design goals
  • Physical characteristics (e.g., 64 to 128 bytes of RAM)
  • Performance characteristics (e.g., latency of no more than 5 nanoseconds)
  • Security characteristics (e.g., minimum key size of no less than 112 bits)

NIST's standardization plan starts with soliciting answers about requirements from the community. Stakeholders are directed to send their responses to [email protected] NIST will use the responses and other criteria to develop a profile for public comment for 30 days or more.

After finalizing a profile, NIST will publish a call for submissions of lightweight cryptographic functions. Standardization plans will be discussed at a Lightweight Cryptography Workshop, so keep an eye out for that to learn more.

Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)

Next Steps

Find out whether open source cryptography libraries are trustworthy

Learn about elliptic curve cryptography in transport ticketing

Check out whether white-box cryptography can save your apps

This was last published in May 2017

Dig Deeper on Security operations and management