The US National Institute of Standards and Technology (NIST) announced on 7 April 2023, that the Ascon algorithm developed at Graz University of Technology (TU Graz) has been selected as the standard for lightweight cryptography after a multi-stage and multi-year selection process. Since the NIST standards are of great importance internationally in the field of information security and are used practically everywhere, Ascon will take over the encryption in the future worldwide for applications with only limited [or: constrained] electronic resources.
Lightweight cryptography deals with cryptographic methods that are particularly suitable for use in resource-constrained environments, for example RFID tags or sensors, due to their low resource requirements. This applies in particular to the Internet of Things with its numerous small sensors and actuators, as only little energy and power is available here. Ascon is also suitable for miniature technologies such as medical implants or keyless car openers. The decision in favour of the algorithm from TU Graz was based on the fact that it is fast, small and easy to implement securely, even in the presence of implementation attacks. Having already won the 2019 CAESAR competition for authenticated encryption in the lightweight applications category, Ascon was also the most thoroughly analysed candidate and was already highly trusted in advance.
Algorithm prevailed against 56 other candidates
In NIST's selection process, Ascon beat 56 other candidates submitted in 2019. After a public review process in several rounds, in which cryptologists looked for weaknesses and tested performance and features, ten finalists finally remained. And from these, Ascon finally emerged as the winner.
"In view of the many strong candidates, the selection of Ascon by NIST is of course a great success for us as a team," says Maria Eichlseder from the Institute of Applied Information Processing and Communications at TU Graz, one of the designers who developed the algorithm. "As the Internet of Things continues to grow in importance and miniature technologies also become more widespread, our algorithm will be used in an enormous number of areas and devices in the future. We have already heard interest from very different directions in industry and open software development."
Ascon offers two cryptographic functionalities: authenticated encryption and hash functions. Authenticated encryption uses a secret key to encrypt data into ciphertext to protect the confidentiality of the plaintext. In addition, a checksum is calculated, which immediately detects and prevents manipulation of the transmitted data to protect authenticity. The hash function also creates a checksum to check the integrity of data. However, this works without a key and is used for other applications, such as digital signatures.
Ascon was developed in 2014 at TU Graz and has been constantly refined since then. The team consisted of Maria Eichlseder from the Institute of Applied Information Processing and Communications and her colleagues at the time Christoph Dobraunig, Florian Mendel and Martin Schläffer. Dobraunig is now employed at Intel, after interim positions at Radboud University and Lamarr Security, while Mendel and Schläffer are now conducting research on security at Infineon.
Video: Maria Eichlseder explains Ascon (Video in German, English subtitles available)