Infineon have announced that the US National Institute of Standards and Technology (NIST) has selected the Ascon algorithm developed by Christoph Dobraunig, Maria Eichlseder, Florian Mendel and Martin Schlaeffer as an international standard for lightweight cryptography (LWC). The cryptographic scheme was selected in a multi-stage and multi-year selection process, in which the algorithm turned out to be the strongest and most efficient, partially thanks to the continuous additions made by Infineon cryptologists Mendel and Schlaeffer.
A first version of Ascon was developed at the Graz University of Technology (TU) in early 2014. Since then, the algorithm has been further developed and improved by the teams from TU Graz, Infineon Technologies AG, Lamarr Security Research and Radboud University. Infineon’s main contributions were the efficiently secured implementations in hardware and software as well as the security analysis of Ascon.
“With increasing digitalisation, it is becoming more and more important to secure end devices in the IoT. Until now, this has only been possible to a limited extent. With the Ascon algorithm, which has been elevated to a standard by NIST, this gap can be closed and secured for small and miniature devices in the network,” said Thomas Rosteck, President of Infineon’s Connected Secure Systems Division. “We are particularly proud of the fact that two of the cryptologists who contributed to the algorithm have been an integral part of our innovation team for several years.”
Lightweight cryptography addresses cryptographic methods that are suitable for use in resource-constrained environments – especially in the IoT with its numerous small sensors and actuators, or in miniaturisation technologies. With Ascon, these applications can be efficiently secured even when little energy and computing power is available for security algorithms. The algorithm, which was co-developed by Infineon, is characterised by its efficient, simple and well-secured implementation, as well as additional features to protect against attacks in the field – additional key criteria for the NIST selection process.
Ascon prevails, final definition will follow soon
Back in 2019, Ascon won the “CAESAR Competition for Authenticated Encryption” in the Lightweight Applications category. As a result, Ascon was the most thoroughly analysed algorithm in the subsequent NIST competition. In a public selection process, the performance and features of all 57 candidates were reviewed in multiple rounds and examined for weaknesses. In the end, Ascon ultimately emerged as the winner from the ten finalists.
There are currently several variants of the Ascon algorithm. Some or all of these may become part of the LWC standard published by NIST. NIST will be working with the Ascon team over the next few months to define the details of the standard. The variants provide developers with a set of cryptographic functions for different tasks. At its core, Ascon replaces the functionality of a symmetric encryption scheme and a hash function (AES-GCM with SHA-2 or SHA-3 with much improved efficiency) for many use cases.
Efficient and cost-effective cryptography is of great importance for numerous Infineon products that operate in networked systems. This will benefit, for example, many sensor applications in the automotive sector as well as power systems in a wide range of industrial applications. The standardisation work of recent years and the security expertise of Infineon’s Connected Secure Systems Division enable the company to integrate Ascon cryptography into products and systems early and competently.