[HN Gopher] NIST Selects 'Lightweight Cryptography' Algorithms t...
___________________________________________________________________
NIST Selects 'Lightweight Cryptography' Algorithms to Protect Small
Devices
Author : sizzle
Score : 44 points
Date : 2023-02-08 18:44 UTC (4 hours ago)
(HTM) web link (www.nist.gov)
(TXT) w3m dump (www.nist.gov)
| transpute wrote:
| _Ascon_ specs, reference code and benchmarks:
| https://ascon.iaik.tugraz.at
|
| Competitors: https://asecuritysite.com/light
| mtgx wrote:
| Lightweight = NSA-crackable, right?
| fredoralive wrote:
| I'm not a crypto expert, but you can get 8 bit Atmel / Microchip
| AVRs with AES units on them (for example); are "special"
| lightweight algorithms actually needed, or should we just be
| encouraging the use of MCUs with suitable accelerators for proven
| algorithms?
| jvanderbot wrote:
| They're also expensive. At least last time I priced them out,
| they cost more than the radio and MCU.
| fredoralive wrote:
| I was thinking of on chip accelerator units / peripherals,
| like the AVR Xmega AES example, rather than external chips.
| zokier wrote:
| Afaik these LWCs are supposed to also be easier to
| implement in HW (=smaller die area/gate count), but I'm
| also wondering whether the difference is really meaningful,
| especially with current manufacturing tech? I imagine there
| are limits on die size reductions where the returns really
| start diminishing very quickly.
| hra5th wrote:
| A brief search on Mouser seems to indicate that the AVR
| Xmega costs roughly 2.5 times as much as other 8 bit MCUs
| from Atmel with comparable amounts of flash/RAM -- are
| there other "selling point" on-chip peripherals
| significantly contributing to that cost?
| fredoralive wrote:
| Generally a lot more stuff than the average AVR, so
| (IIRC) you have a multi level interrupt controller, a DMA
| unit, more adaptable clock / power configuration, and
| just more of things like UARTS and ADCs (which tended to
| have more features) and so on[1]. It feels more like an
| AVR core bolted onto something nearer to the "everything
| and a kitchen sink" peripheral set you get with a 32 bit
| ARM MCU. The projects I worked on weren't particularly
| super cost sensitive though, so I'm perhaps a bit
| isolated from the "every cent matters" level.
|
| (Also, you'd probably just use one of those 32 bit ARM
| chips nowadays).
|
| [1] I don't have an encyclopaedic knowledge of the AVR
| range and haven't looked at in a couple of years, so I'm
| sure some of the advanced stuff is available on Mega
| models.
| Avamander wrote:
| You can also get crypto coprocessors to accelerate such
| operations, without switching platforms or sacrificing for
| example power usage.
| tptacek wrote:
| They're not just optimized to "fit" into small devices, but
| also for handling things like ultra-small messages, which is a
| common requirement in RF protocols.
| throw0101c wrote:
| Two algorithms by the were rejected by the ISO folks for an IoT
| standard a few years ago:
|
| * https://www.schneier.com/blog/archives/2018/04/two_nsa_algor...
|
| * https://www.schneier.com/blog/archives/2017/09/iso_rejects_n...
| jvanderbot wrote:
| Would you mind rephrasing? I'm confused by your comment.
| tptacek wrote:
| At last, Joan Daemen loses a NIST contest. :)
|
| Presumably it helped that Ascon was also a CAESAR finalist.
|
| Ascon is a Duplex Sponge construction, and an extremely good
| introduction to that concept is here:
|
| https://codahale.com/the-joy-of-duplexes/
|
| (Xoodyak, Coda's preferred Duplex, was a contestant --- Daemen's
| contestant, in fact.)
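The duplex-sponge structure tptacek refers to, as an added example that is not code from the thread or from the Ascon project: an Ascon-128 AEAD transcribed into Python from the published v1.2 spec, with the key and nonce in the test constructed here and hmac.compare_digest used for the tag check. The page gives no known-answer values, so verify this against the official KAT files before relying on it.

```python
import hmac
# Added example, not the Ascon project's code: Ascon-128 per the v1.2 spec; check against official KATs.
MASK = (1 << 64) - 1
ROUND_CONSTS = [0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87, 0x78, 0x69, 0x5a, 0x4b]
IV_128 = 0x80400c0600000000  # encodes k=128, r=64, a=12, b=6
def rotr(x, n): return ((x >> n) | (x << (64 - n))) & MASK
def _pad(d): return d + b"\x80" + b"\x00" * (7 - len(d) % 8)  # 10* pad to the 8-byte rate
def _blocks(d): return [int.from_bytes(d[i:i + 8], "big") for i in range(0, len(d), 8)]
def permute(s, rounds):  # Ascon permutation p^rounds on a 5 x 64-bit state
    x0, x1, x2, x3, x4 = s
    for c in ROUND_CONSTS[12 - rounds:]:
        x2 ^= c  # round constant
        x0 ^= x4; x4 ^= x3; x2 ^= x1  # bitsliced 5-bit S-box
        t = [(~a & MASK) & b for a, b in ((x0, x1), (x1, x2), (x2, x3), (x3, x4), (x4, x0))]
        x0 ^= t[1]; x1 ^= t[2]; x2 ^= t[3]; x3 ^= t[4]; x4 ^= t[0]
        x1 ^= x0; x0 ^= x4; x3 ^= x2; x2 = ~x2 & MASK
        x0 ^= rotr(x0, 19) ^ rotr(x0, 28); x1 ^= rotr(x1, 61) ^ rotr(x1, 39)  # linear layer
        x2 ^= rotr(x2, 1) ^ rotr(x2, 6); x3 ^= rotr(x3, 10) ^ rotr(x3, 17)
        x4 ^= rotr(x4, 7) ^ rotr(x4, 41)
    return [x0, x1, x2, x3, x4]
def _init(key, nonce, ad):
    k0, k1 = _blocks(key)
    s = permute([IV_128, k0, k1] + _blocks(nonce), 12)  # initialisation: p^12 over IV||K||N
    s[3] ^= k0; s[4] ^= k1
    for blk in (_blocks(_pad(ad)) if ad else []):  # absorb associated data into the rate word
        s[0] ^= blk; s = permute(s, 6)
    s[4] ^= 1  # domain separation between the AD and plaintext phases
    return s, k0, k1
def _tag(s, k0, k1):  # finalisation: key into the capacity, p^12, squeeze a 128-bit tag
    s[1] ^= k0; s[2] ^= k1; s = permute(s, 12)
    return ((s[3] ^ k0) << 64 | (s[4] ^ k1)).to_bytes(16, "big")
def encrypt(key, nonce, ad, pt):
    s, k0, k1 = _init(key, nonce, ad)
    blocks, ct = _blocks(_pad(pt)), b""
    for i, blk in enumerate(blocks):  # duplex: absorb P_i, squeeze C_i, then p^6
        s[0] ^= blk; ct += s[0].to_bytes(8, "big")
        if i < len(blocks) - 1: s = permute(s, 6)
    return ct[:len(pt)] + _tag(s, k0, k1)
def decrypt(key, nonce, ad, ct):
    body, tag = ct[:-16], ct[-16:]
    s, k0, k1 = _init(key, nonce, ad)
    pt, full = b"", len(body) - len(body) % 8
    for i in range(0, full, 8):
        c = int.from_bytes(body[i:i + 8], "big")
        pt += (s[0] ^ c).to_bytes(8, "big"); s[0] = c; s = permute(s, 6)  # rate takes C_i
    tail = bytes(a ^ b for a, b in zip(s[0].to_bytes(8, "big"), body[full:]))
    s[0] ^= int.from_bytes(_pad(tail), "big")  # last (partial) block with its padding
    return pt + tail if hmac.compare_digest(tag, _tag(s, k0, k1)) else None  # None on bad tag
```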
| SeanAnderson wrote:
| Your link redirects to a random Wikipedia if the referrer is
| HN.
| sebsebmc wrote:
| Right-click open in incognito works, but definitely annoying
| tptacek wrote:
| I don't know that it's random.
___________________________________________________________________
(page generated 2023-02-08 23:00 UTC)