NIST Selects ‘Lightweight Cryptography’ Algorithms to Protect Small Devices

The National Institude of Standards and Technology has announced their selections for lightweight cryptography. The winning group of algorithms, called Ascon, are designed to protect data on smaller devices such as “implanted medical devices, stress detectors, stress detectors inside roads and bridges, and keyless entry fobs for vehicles” as well as the miniature devices used by the Internet of Things (IoT).

Ascon and other finalist algorithms are documented here. Please note Ascon’s recommendation: “Use ASCON-128 for now unless you consider the 128-bit key length to be too short, in which case you should use ASCON-80pq."
Editors Note: ASCON-80pq has a 160-bit key to support a post-quantum security usecase.

President Biden Signs Memorandum Regarding Post-Quantum Cryptography

President Biden signs a memorandum on Improving the Cybersecurity of National Security. The memo that highights the importance of taking an inventory of classical encryption schemes and begin implementing Post-Quantum Cryptography (PQC).

Guide to a Quantum-Safe Organization

“A Guide to a Quantum-Safe Organization” is a concise yet wide-ranging introduction to preparing for future quantum computers which someday will be able to decrypt today’s most common key encryption standards. The Guide reviews this future threat, mitigation technologies such as post-quantum cryptography (PQC) and QKD, economic considerations, and practical steps organizations can take starting now. This is a single introductory source written for a broad audience. No advanced physics degrees required!

Cloud Security Alliance: Practical Preparations for the Post-Quantum World

The Cloud Security Alliance (CSA) discusses the cybersecurity challenges and recommended steps to reduce likely new risks due to quantum information sciences. This paper was created for awareness and education, and to communicate example steps every organization should be performing to prepare for the post-quantum world. Following its recommendations should result in increased project efficiencies, decreased cybersecurity risk, and increased, long-term, crypto-agility. Part I is a discussion of the various quantum threats which require mitigation. Part II is an actionable, step-by-step, blueprint for preparing for the post-quantum world.

Key Takeaways:

  • Part 1: Outline the quantum threats that will need to be mitigated
  • Part 2: Steps to prepare for the post-quantum world
Migration to Post-Quantum Cryptography

The NIST National Cybersecurity Center of Excellence (NCCoE) is initiating the development of practices to ease the migration from the current set of public-key cryptographic algorithms to replacement algorithms that are resistant to quantum computer-based attacks. The Migration to Post-Quantum Cryptography practices will take the form of white papers, playbooks, and demonstrable implementations for organizations. In particular, the audience for these practices is intended to include organizations that provide cryptographic standards and protocols and enterprises that develop, acquire, implement, and service cryptographic products. This effort complements the NIST post quantum cryptography (PQC) standardization activities.