[フレーム]

You are viewing this page in an unauthorized frame window.

This is a potential security issue, you are being redirected to https://csrc.nist.gov.

You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.

Information Technology Laboratory

Computer Security Resource Center

CSRC Logo

Projects

Lightweight Cryptography

Project Links

Overview News & Updates Events Publications Presentations

Overview

NIST began investigating cryptography for constrained environments in 2013. After two workshops and discussions with stakeholders in industry, government, and academia, NIST initiated a process to solicit, evaluate, and standardize schemes providing authenticated encryption with associated data (AEAD) and optional hashing functionalities for constrained environments where the performance of current NIST cryptographic standards is not acceptable.

On August 13, 2025, SP 800-232, Ascon-Based Lightweight Cryptography Standards for Constrained Devices: Authenticated Encryption, Hash, and Extendable Output Functions , was published. This standard specifies four functions based on the Ascon family: AEAD function Ascon-AEAD128, hash function Ascon-Hash256, eXtendable-Output Function (XOF) Ascon-XOF128, and customized XOF Ascon-CXOF128.

Evaluation Phase

In 2018, NIST published a call for algorithms to describe the requirements, selection process and the evaluation criteria.

Round 1. In March 2019, NIST received 57 submissions to be considered for standardization. The first round of the NIST lightweight cryptography standardization process began with the announcement of 56 Round 1 in April 2019 and ended in August 2019. NISTIR 8268 explains the evaluation of the first-round candidates and names 32 candidate algorithms advancing to the second round of the evaluation process.
Round 2. The second round of the NIST lightweight cryptography standardization process began when NIST announced the 32 Round 2 in August 2019 and concluded when the finalists were announced in March 2021. NISTIR 8369 explains the evaluation of the second-round candidates and names 10 finalists.
Final Round. The final round of the process began with the announcement of the 10 finalists and ended when NIST announced the selection of the Ascon family in February 2023. NISTIR 8454 describes the evaluation of the finalists and explains the selection of the Ascon family.

The timeline of the standardization process is provided here.

Standardization Phase

In November 2024, NIST released the initial public draft (ipd) of Special Publication (SP) 800-232, Ascon-Based Lightweight Cryptography Standards for Constrained Devices: Authenticated Encryption, Hash, and Extendable Output Functions. See the public comments submitted to NIST.

In August 2025, Ascon-AEAD128, Ascon-Hash256, Ascon-XOF128, and Ascon-CXOF128 became NIST standards in the final publication of SP 800-232, Ascon-Based Lightweight Cryptography Standards for Constrained Devices: Authenticated Encryption, Hash, and Extendable Output Functions.

Additional Functionalities. NIST is considering the development of a dedicated Message Authentication Code (MAC) and a variable-output-length pseudorandom function (PRF) based on the Ascon family in a future standard.

Acknowledgments

NIST thanks the submission teams, who developed and designed the candidates; the cryptographic community, who analyzed the candidates, shared their comments through the lwc-forum, and published papers on various technical aspects of the candidates; the developers who provided optimized implementations of the candidates; and organizers of hardware and software benchmarking initiatives, for their contributions in understanding the performance characteristics of the algorithms on various target platforms.