US NIST finalizes standard to protect small devices with lightweight cryptography

NIST has finalized a lightweight cryptography standard to secure billions of small devices in the Internet of Things and beyond. Based on the Ascon family of algorithms, the standard offers efficient and adaptable protection while preparing for future cybersecurity needs.
US NIST finalizes standard to protect small devices with lightweight cryptography

The US National Institute of Standards and Technology (NIST) has finalised a new cryptography standard designed specifically for small, resource-limited devices such as those in the internet of things (IoT), medical implants, RFID tags, and smart home appliances. These devices, while often tiny and low-powered, still need protection against cyberattacks.

Why do small devices need special protection?

Most modern encryption methods are designed for powerful computers and smartphones. But billions of devices that make up the IoT have limited processing power, memory, and energy. For example, a smart thermostat or a car toll transponder cannot handle the same heavy-duty encryption that a laptop can. This makes them easier targets for hackers.

The new NIST standard provides ‘lightweight cryptography’, which uses less computing power and energy while still protecting sensitive data. This is important because security flaws in even the smallest devices can provide attackers with a way to compromise larger networks.

The Ascon family of algorithms

The standard is built on the Ascon family of algorithms, first developed in 2014 by a team from Graz University of Technology, Infineon Technologies, and Radboud University. Ascon became the top choice for lightweight encryption after years of international testing and evaluation.

NIST’s new publication, Special Publication 800-232, includes four variants from the Ascon family:

  • ASCON-128 AEAD: Provides encryption and data authenticity, useful for devices like RFID tags and medical implants. It is also designed to resist certain “side-channel attacks,” where hackers try to steal information by monitoring a device’s energy use or processing time.
  • ASCON-Hash 256: Creates unique “fingerprints” of data, ensuring integrity during processes like software updates or password protection.
  • ASCON-XOF 128 and ASCON-CXOF 128: Flexible hash functions that allow smaller devices to adjust the length of their security “fingerprints,” saving time and energy. The CXOF version also lets users add a small custom label to avoid accidental overlaps that could weaken security.

Looking ahead

According to NIST researchers, the new standard was shaped by years of public feedback and is intended to be both practical and adaptable. Future updates may expand the standard with new tools, such as dedicated message authentication codes.

Why this matters

For ordinary people, this standard means that everyday devices—whether a fitness tracker, a smart fridge, or a hospital implant—will be better protected against hacking. For civil society, it helps ensure that connected devices cannot be easily exploited to harm individuals, spread disinformation, or disrupt critical infrastructure. Lightweight cryptography strengthens digital trust in the growing ecosystem of small, networked devices that increasingly shape daily life.

Civil Society Alliances for Digital Empowerment (CADE) is a project co-funded by the European Union.

Civil Society Alliances for Digital Empowerment (CADE) 2024. All rights reserved.

This website is co-funded by the European Union. Its contents are the sole responsibility of CADE and do not necessarily reflect the views of the European Union.

Web accessibility | Privacy policy

Go to Top