The National Institute of Standards and Technology (NIST) has officially released NIST Special Publication 800-232, establishing the Ascon family of algorithms as the new standard for lightweight cryptography designed specifically for resource-constrained devices.
Published in August 2025, this groundbreaking standard addresses critical security gaps in Internet of Things (IoT) devices, embedded systems, and low-power sensors where traditional cryptographic solutions like AES-GCM may prove too resource-intensive.
Key Takeaways
1. NIST SP 800-232 standardizes the Ascon family—using 320-bit states and Ascon-p/p permutations.
2. Ascon-AEAD128 delivers 128-bit security.
3. Ascon-Hash256, XOF128, and CXOF128 use a sponge with a 64-bit rate (Ascon-p) to produce 256-bit or variable-length outputs.
Ascon Algorithm Family: Multi-Layered Protection
The newly standardized Ascon family comprises four distinct cryptographic primitives, each serving specific security functions.
Ascon-AEAD128 serves as the primary authenticated encryption scheme, offering 128-bit security strength in single-key environments with nonce-based operation.
The standard also includes Ascon-Hash256, a cryptographic hash function producing 256-bit digests with 128-bit security strength.
Two eXtendable Output Functions (XOFs) complete the suite: Ascon-XOF128 and Ascon-CXOF128.
The latter introduces customization string capabilities, enabling domain separation for applications requiring distinct outputs from identical inputs.
All algorithms utilize the same underlying Ascon-p permutations with varying round counts, specifically Ascon-p for initialization/finalization and Ascon-p for data processing phases.
The Ascon standard implements a Substitution-Permutation Network (SPN) structure operating on a 320-bit internal state divided into five 64-bit words.
The permutation function consists of three layers: constant-addition, substitution, and linear diffusion, providing robust cryptographic security while maintaining computational efficiency.
Key technical specifications include a 128-bit rate and 192-bit capacity for Ascon-AEAD128, while hash functions operate with a 64-bit rate and 256-bit capacity.
The standard mandates specific initial values: 0x00001000808c0001 for Ascon-AEAD128, 0x0000080100cc0002 for Ascon-Hash256, and distinct IVs for XOF variants to ensure algorithm separation.
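The sketch below is an added example, not code from NIST or from this article: it unpacks the two initial values quoted above into the round counts, output length and rate they encode, then runs the three-layer permutation over the five-word state to derive a hash initial state. The IV field layout, rotation offsets and round constants are assumptions taken from the published Ascon specification, and all function names are hypothetical.

```python
MASK = (1 << 64) - 1
AEAD128_IV = 0x00001000808C0001   # value quoted in the article
HASH256_IV = 0x0000080100CC0002   # value quoted in the article
ROT = ((19, 28), (61, 39), (1, 6), (10, 17), (7, 41))  # per-word rotations

def decode_iv(iv):
    """Unpack the parameter fields packed into a 64-bit Ascon IV (assumed layout)."""
    rate = ((iv >> 40) & 0xFF) * 8
    return {"id": iv & 0xFF,
            "rounds_a": (iv >> 16) & 0xF,      # init/finalization rounds
            "rounds_b": (iv >> 20) & 0xF,      # data-processing rounds
            "out_bits": (iv >> 24) & 0xFFFF,   # tag or digest length
            "rate_bits": rate,
            "capacity_bits": 320 - rate}       # remainder of the 320-bit state

def rotr(x, n):
    return ((x >> n) | (x << (64 - n))) & MASK

def substitution(s):
    """Bitsliced 5-bit S-box applied to all 64 columns of the state."""
    x0, x1, x2, x3, x4 = s
    x0 ^= x4; x4 ^= x3; x2 ^= x1
    t = [(a ^ MASK) & b for a, b in
         ((x0, x1), (x1, x2), (x2, x3), (x3, x4), (x4, x0))]
    x0 ^= t[1]; x1 ^= t[2]; x2 ^= t[3]; x3 ^= t[4]; x4 ^= t[0]
    x1 ^= x0; x0 ^= x4; x3 ^= x2; x2 ^= MASK
    return [x0, x1, x2, x3, x4]

def ascon_p(state, rounds):
    """Ascon-p with the given round count on five 64-bit words."""
    s = list(state)
    for i in range(12 - rounds, 12):
        s[2] ^= ((0xF - i) << 4) | i            # constant-addition layer
        s = substitution(s)                     # substitution layer
        s = [x ^ rotr(x, a) ^ rotr(x, b)        # linear diffusion layer
             for x, (a, b) in zip(s, ROT)]
    return s

def hash_initial_state(iv):
    """Hash/XOF initialization: permute the IV followed by 256 zero bits."""
    return ascon_p([iv, 0, 0, 0, 0], decode_iv(iv)["rounds_a"])

if __name__ == "__main__":
    for name, iv in (("Ascon-AEAD128", AEAD128_IV), ("Ascon-Hash256", HASH256_IV)):
        print(name, decode_iv(iv))
    print([f"{w:016x}" for w in hash_initial_state(HASH256_IV)])
```

Because the parameters are packed into the IV, two algorithms that share the permutation still start from different states, which is the algorithm separation the distinct initial values provide.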
Enhanced Security Features
NIST’s standard incorporates advanced security measures, including nonce-masking implementation options and truncation capabilities for authentication tags.
The specification requires a minimum of 32-bit truncated tags, with careful risk analysis mandated for tags shorter than 64 bits.
Data processing limits are established at 2⁵⁴ bytes per key to maintain security margins. For enhanced protection, the nonce-masking option maintains full 128-bit security regardless of key count.
This comprehensive approach ensures robust protection against forgery attempts while supporting practical deployment constraints in resource-limited environments.
The post NIST Publish ‘Lightweight Cryptography’ Standard To Protect IoT Devices appeared first on Cyber Security News.