NIST begins search for lightweight crypto algorithms

Recent years, particularly with the advent of a broad class of IoT applications, have increased the need for crypto solutions for constrained applications. NIST has started a search to find and standardise lightweight cryptographic algorithms for precisely these situations.

According to NIST, they have “decided to create a portfolio of lightweight cryptographic algorithms, designed for limited use in applications and environments where cryptographic operations are performed by constrained devices that are unable to use existing NIST standards”.

This is an interesting development and should be useful contribution to the field. A good overview of lightweight cryptographic algorithms was put together by Eisenbarth et al. (2007), and clearly the field would have moved on a lot since then. But as their paper showed, there is a staggering difference in throughput between the universal enterprise solution (AES) and alternatives.

Comparison of lightweight crypto algorithms (Eisenbarth et al., 2007)

For example, throughput at 100kHz (Kbps) of AES-128 comes out at 12.40, DES at 44.4, where CLEFIA delivers at 355.56, and PRESENT at 200. PRESENT requires less than half of the chip size needed to achieve that outcome.

This standardisation initiative should hopefully lead to faster communications systems, reduced manufacturing costs, and reduced SWAP, particularly for embedded devices and IoT.

They’re accepting candidate algorithms until February 25, 2019.

Further information is located at



(Eisenbarth, et al., 2007) Eisenbarth, T., Kumar, S., Paar, C., Poschmann, A. and Uhsadel, L., 2007. A survey of lightweight-cryptography implementations. IEEE Design & Test of Computers, (6), pp.522-533.