[Sls-sea-dls] [Sea-sec] Fw: [EXTERNAL] NIST Publishes SP 800-232: Ascon-Based Lightweight Cryptography Standards for Constrained Devices

Oana-Alexandra Graur Oana-alexandra.Graur at esa.int
Mon Sep 8 13:36:45 EDT 2025 

Dear Howie,

If the group identifies a real use case for this, we can certainly add it.
That said, I would like to clarify something: in past missions that choice not to implement security at all, was the reasoning mainly that AES benchmarking on their hardware/software showed resource constraints that demanded a lighter cipher? Or was it more about other factors—such as the need for a dedicated security function on board, operational costs of key management, additional development and testing costs, fear of radiation and single event upsets, heritage? In my experience, these latter factors have generally been stronger drivers for omitting security than the computational cost of AES itself.
Regarding the Crypto Blue Book, my understanding is that it serves as an envelope for the ciphers used in CCSDS-developed security protocols (e.g., SDLS, 3KEM, BPSEC in the future). However, if a mission instead uses a protocol not developed within CCSDS—for example, IP over CCSDS with TCP and TLS 1.3 on top—then the cryptographic options provided by TLS are not (currently) listed in the Crypto BB. The same reasoning would apply to cryptographic primitives defined in 3GPP/5G NTN, or in IoT standards that may be carried over IP.  If we tried to include all crypto primitives from such externally developed standards, it would imply frequent updates to the Crypto BB every time those standards evolve.
Were you thinking specifically about using ASCON with SDLS, for TC/TM/AOS/USLP? If so, we would need to carefully examine aspects such as IV size, tag size, and their compatibility with the existing SDLS specification, and assess whether changes to the standard would be necessary.
That said, I understand the CubeSat context you may have had in mind—though even there, I have seen some newer CubeSat missions with NanoXplore Ultra FPGAs that have more than enough resources to support AES, but this might not be the general case for CubeSats.
With regards to SDLS with 3KEM and ASCON is not something I would recommend (the image of buying one of the latest Ferrari models and fitting it with budget tires comes to mind 😊).
For me, the key question is whether we want to consider ASCON because it might be paired with CCSDS-native protocols, or simply mention it because it could be used by other protocols carried over the CCSDS stack (e.g., IP or TCP/IP). The latter approach risks becoming a rabbit hole if we try to apply it consistently.
Finally, looking at NIST SP 800-232, it seems that ASCON-80pq was deliberately not standardized by NIST. I have to admit I haven’t followed carefully the lightweight cryptography process, but if this is indeed the case, the absence of NIST standardization would be another argument against including ASCON-80pq.
[cid:image001.png at 01DC20F7.E8991630]

[cid:image002.png at 01DC20F7.E8991630]
https://csrc.nist.gov/csrc/media/Presentations/2023/update-on-standardization-of-ascon-family/images-media/sess-6-turan-bcm-workshop-2023.pdf


Kind regards,
Oana

From: "Howard.Weiss at parsons.us" <Howard.Weiss at parsons.us>
Date: Friday, 15 August 2025 at 16:25
To: Oana-Alexandra Graur <Oana-alexandra.Graur at esa.int>, Moury Gilles via SLS-SEA-DLS <sls-sea-dls at mailman.ccsds.org>, "Howard.Weiss--- via SEA-SEC" <sea-sec at mailman.ccsds.org>
Subject: RE: [Sea-sec] Fw: [EXTERNAL] NIST Publishes SP 800-232: Ascon-Based Lightweight Cryptography Standards for Constrained Devices

Oana,

ASCON would be a lightweight, symmetric algorithm alternative to AES.

I would only specify the use of ASCON-80pq which is the NIST variant designed to be Level 1 conformant.  This variant uses a 160-bit key (vice 128-bit), 128-bit nonce, and a 128-bit authentication tag.  I’m not sure why NIST SP 800-232 only mentions but does not specify ASCON-80pq?

As for missions needing lightweight cryptography, in the past this was absolutely yes. There were many missions that would not entertain any manner of security. For the future, not so clear.  Nevertheless, if we can provide a strong but very lightweight algorithm, with a small code-base size (saving memory/storage) and low CPU usage, or even better in very small and cheap silicon, mission managers would be much less resistant to adoption of onboard cryptography.

It could also be very useful in small, low-cost, short-lived CubeSat missions.

Regards

howie

From: Oana-Alexandra Graur <Oana-alexandra.Graur at esa.int>
Sent: Thursday, August 14, 2025 4:47 AM
To: Weiss, Howard [US-US] <Howard.Weiss at parsons.us>; Moury Gilles via SLS-SEA-DLS <sls-sea-dls at mailman.ccsds.org>; Howard.Weiss--- via SEA-SEC <sea-sec at mailman.ccsds.org>
Subject: Re: [Sea-sec] Fw: [EXTERNAL] NIST Publishes SP 800-232: Ascon-Based Lightweight Cryptography Standards for Constrained Devices

Hi Howie,

In principle, we could add Ascon-AEAD128, but that has only 64 bits of quantum resistance (NIST states they want 128 bits from 2030 onwards). For 3KEM of course, it would not be my first choice for instantiation of the cipher (nor the second 😊), but there might be some other environments where AES is too heavy.
Personally I have to admit I have not seen any space missions so far where the hardware was so constrained that they could not do AES, but that doesn’t mean they might not exist. I would say that we would then have to put in some restrictions not to use it with 3KEM.

Did you have the experience that on some missions AES was too heavy? Perhaps deep space where the energy efficiency of Ascon would be very appreciated?

Kind regards,
Oana

From: SEA-SEC <sea-sec-bounces at mailman.ccsds.org<mailto:sea-sec-bounces at mailman.ccsds.org>> on behalf of "Howard.Weiss--- via SEA-SEC" <sea-sec at mailman.ccsds.org<mailto:sea-sec at mailman.ccsds.org>>
Reply to: "Howard.Weiss at parsons.us<mailto:Howard.Weiss at parsons.us>" <Howard.Weiss at parsons.us<mailto:Howard.Weiss at parsons.us>>
Date: Wednesday, 13 August 2025 at 17:26
To: Moury Gilles via SLS-SEA-DLS <sls-sea-dls at mailman.ccsds.org<mailto:sls-sea-dls at mailman.ccsds.org>>, "Howard.Weiss--- via SEA-SEC" <sea-sec at mailman.ccsds.org<mailto:sea-sec at mailman.ccsds.org>>
Subject: [Sea-sec] Fw: [EXTERNAL] NIST Publishes SP 800-232: Ascon-Based Lightweight Cryptography Standards for Constrained Devices

SecWG and SDLS WG: For your information.

Antonios/Oana - while you are updating the CCSDS Cryptographic Algorithms BB for Post-Quantum, would it make sense to add the lightweight symmetric algorithms at the same time?  I believe that lightweight algorithms are directly applicable to the CCSDS environment.

regards

howie
________________________________
From: NIST Cybersecurity and Privacy Program <csrc.nist at announcements.nist.gov<mailto:csrc.nist at announcements.nist.gov>>
Sent: Wednesday, August 13, 2025 10:23 AM
To: howard.weiss at parsons.com<mailto:howard.weiss at parsons.com> <howard.weiss at parsons.com<mailto:howard.weiss at parsons.com>>
Subject: [EXTERNAL] NIST Publishes SP 800-232: Ascon-Based Lightweight Cryptography Standards for Constrained Devices

[Image removed by sender. NIST]

View As Web Page<https://urldefense.com/v3/__https:/links-1.govdelivery.com/CL0/https:*2F*2Fcontent.govdelivery.com*2Faccounts*2FUSNIST*2Fbulletins*2F3eae579/1/01000198a3d07004-2f7333ce-c22b-466a-a74b-fd2c46f3d569-000000/AcPPPxFgCgYCXulxwI_ZY2utRlAeCDVDnb_ER3yeQbk=418__;JSUlJSUl!!NFAdMAnI0yk!AP3QRG0rUEw6CjfCvzri1KkPDYUGjkEhQLHwf82A6sHsixf_N034cTeG8Tk2EadY-NY66gUqAZnMPbQIyUouQuW8PK4H5SCYy0k$>
[Image removed by sender. Header]
NIST Cybersecurity and Privacy Program
NIST Publishes SP 800-232: Ascon-Based Lightweight Cryptography Standards for Constrained Devices

NIST has released Special Publication (SP) 800-232, Ascon-Based Lightweight Cryptography Standards for Constrained Devices<https://urldefense.com/v3/__https:/links-1.govdelivery.com/CL0/https:*2F*2Fcsrc.nist.gov*2Fpubs*2Fsp*2F800*2F232*2Ffinal/1/01000198a3d07004-2f7333ce-c22b-466a-a74b-fd2c46f3d569-000000/hEZCjALLPZ6v4A0EsMd4kPdZH2WbwCQn7tHNjGE1MHE=418__;JSUlJSUlJQ!!NFAdMAnI0yk!AP3QRG0rUEw6CjfCvzri1KkPDYUGjkEhQLHwf82A6sHsixf_N034cTeG8Tk2EadY-NY66gUqAZnMPbQIyUouQuW8PK4H6qIPK7U$>.

This standard introduces a new Ascon-based family of symmetric-key cryptographic primitives that provides robust security, efficiency, and flexibility. With its compact state and range of cryptographic functions, it is ideal for resource-constrained environments, such as Internet of Things (IoT) devices, embedded systems, and low-power sensors. This standard includes multiple algorithms to meet a wide range of symmetric cryptographic needs, including the Authenticated Encryption with Associated Data (AEAD) scheme Ascon-AEAD128, the hash function Ascon-Hash256, and the eXtendable-Output Functions (XOFs) Ascon-XOF128 and Ascon-CXOF128.

Read more about the release of SP 800-232, review NIST's news release<https://urldefense.com/v3/__https:/links-1.govdelivery.com/CL0/https:*2F*2Fwww.nist.gov*2Fnews-events*2Fnews*2F2025*2F08*2Fnist-finalizes-lightweight-cryptography-standard-protect-small-devices/1/01000198a3d07004-2f7333ce-c22b-466a-a74b-fd2c46f3d569-000000/1cEbKUEpFmmMrHP8e-xv_KPMaWdI4QRh8t27Pebkp2Q=418__;JSUlJSUlJQ!!NFAdMAnI0yk!AP3QRG0rUEw6CjfCvzri1KkPDYUGjkEhQLHwf82A6sHsixf_N034cTeG8Tk2EadY-NY66gUqAZnMPbQIyUouQuW8PK4Hpg2i1Ig$>.

Read More<https://urldefense.com/v3/__https:/links-1.govdelivery.com/CL0/https:*2F*2Fcsrc.nist.gov*2Fpubs*2Fsp*2F800*2F232*2Ffinal/2/01000198a3d07004-2f7333ce-c22b-466a-a74b-fd2c46f3d569-000000/93ReICGcTbe9X0vTog3u53gals74ra-qPQek4TO4fRU=418__;JSUlJSUlJQ!!NFAdMAnI0yk!AP3QRG0rUEw6CjfCvzri1KkPDYUGjkEhQLHwf82A6sHsixf_N034cTeG8Tk2EadY-NY66gUqAZnMPbQIyUouQuW8PK4Hkx2wMkg$>

NIST Cybersecurity and Privacy Program
Questions/Comments about this notice: sp800-232-comments at list.nist.gov<mailto:sp800-232-comments at list.nist.gov>
CSRC Website questions: csrc-inquiry at nist.gov<mailto:csrc-inquiry at nist.gov>

Connect with us
[Image removed by sender. facebook]<https://urldefense.com/v3/__https:/links-1.govdelivery.com/CL0/https:*2F*2Fwww.facebook.com*2FNIST/1/01000198a3d07004-2f7333ce-c22b-466a-a74b-fd2c46f3d569-000000/1RR_5-1h7JLGeKf68E5eDZ-SpCsK5D_9fJZG-rif_Ys=418__;JSUl!!NFAdMAnI0yk!AP3QRG0rUEw6CjfCvzri1KkPDYUGjkEhQLHwf82A6sHsixf_N034cTeG8Tk2EadY-NY66gUqAZnMPbQIyUouQuW8PK4HmM0gmcA$>[Image removed by sender. twitter]<https://urldefense.com/v3/__https:/links-1.govdelivery.com/CL0/https:*2F*2Ftwitter.com*2FNIST/1/01000198a3d07004-2f7333ce-c22b-466a-a74b-fd2c46f3d569-000000/xmf0BHh--6teQwhrVuPswzSLdlfxbu963PR97H5_WuI=418__;JSUl!!NFAdMAnI0yk!AP3QRG0rUEw6CjfCvzri1KkPDYUGjkEhQLHwf82A6sHsixf_N034cTeG8Tk2EadY-NY66gUqAZnMPbQIyUouQuW8PK4HgArf-JA$>[Image removed by sender. youtube]<https://urldefense.com/v3/__https:/links-1.govdelivery.com/CL0/https:*2F*2Fwww.youtube.com*2FNIST/1/01000198a3d07004-2f7333ce-c22b-466a-a74b-fd2c46f3d569-000000/PqFTsMl7KloUjqfm6UoJWUcBK74Irpm71gGoj1Q_yck=418__;JSUl!!NFAdMAnI0yk!AP3QRG0rUEw6CjfCvzri1KkPDYUGjkEhQLHwf82A6sHsixf_N034cTeG8Tk2EadY-NY66gUqAZnMPbQIyUouQuW8PK4HPm5vj6c$>[Image removed by sender. linkedin]<https://urldefense.com/v3/__https:/links-1.govdelivery.com/CL0/https:*2F*2Fwww.linkedin.com*2Fcompany*2Fnist/1/01000198a3d07004-2f7333ce-c22b-466a-a74b-fd2c46f3d569-000000/44wtGt65tNGm_LR40MIssiHrHenUpqCn9o4NQX1Cfqk=418__;JSUlJQ!!NFAdMAnI0yk!AP3QRG0rUEw6CjfCvzri1KkPDYUGjkEhQLHwf82A6sHsixf_N034cTeG8Tk2EadY-NY66gUqAZnMPbQIyUouQuW8PK4HSEyuxUM$>[Image removed by sender. flickr]<https://urldefense.com/v3/__https:/links-1.govdelivery.com/CL0/https:*2F*2Fwww.instagram.com*2Fnist*2F/1/01000198a3d07004-2f7333ce-c22b-466a-a74b-fd2c46f3d569-000000/eexEnbHTFu37unuSJB9DIPWeNsGTTkYzBzTpFfw1Gxc=418__;JSUlJQ!!NFAdMAnI0yk!AP3QRG0rUEw6CjfCvzri1KkPDYUGjkEhQLHwf82A6sHsixf_N034cTeG8Tk2EadY-NY66gUqAZnMPbQIyUouQuW8PK4HifEJAFo$>

Received this email from a friend? Subscribe here<https://urldefense.com/v3/__https:/links-1.govdelivery.com/CL0/https:*2F*2Fpublic.govdelivery.com*2Faccounts*2FUSNIST*2Fsubscriber*2Fnew*3Ftopic_id=USNIST_1/1/01000198a3d07004-2f7333ce-c22b-466a-a74b-fd2c46f3d569-000000/x9AlczpyT6I5aaXTW3dsCRIJ8DNjy-FcLlexdF2_2c4=418__;JSUlJSUlJQ!!NFAdMAnI0yk!AP3QRG0rUEw6CjfCvzri1KkPDYUGjkEhQLHwf82A6sHsixf_N034cTeG8Tk2EadY-NY66gUqAZnMPbQIyUouQuW8PK4H9Z_gQ6A$>.
[Image removed by sender. ITL NIST]<https://urldefense.com/v3/__https:/links-1.govdelivery.com/CL0/https:*2F*2Fwww.nist.gov*2Fitl/1/01000198a3d07004-2f7333ce-c22b-466a-a74b-fd2c46f3d569-000000/yWid6D2jyJiOtBnRe93Mf3LgLSff0yILhZzY8trppfg=418__;JSUl!!NFAdMAnI0yk!AP3QRG0rUEw6CjfCvzri1KkPDYUGjkEhQLHwf82A6sHsixf_N034cTeG8Tk2EadY-NY66gUqAZnMPbQIyUouQuW8PK4HRhtFM98$>

Subscriber services:

Manage Preferences<https://urldefense.com/v3/__https:/links-1.govdelivery.com/CL0/https:*2F*2Fpublic.govdelivery.com*2Faccounts*2FUSNIST*2Fsubscriber*2Fedit*3Fpreferences=true*23tab1/1/01000198a3d07004-2f7333ce-c22b-466a-a74b-fd2c46f3d569-000000/ROCHKfzDnl3Lk3a9xiCT60U465D2r7d-Ogav-f8gYgM=418__;JSUlJSUlJSU!!NFAdMAnI0yk!AP3QRG0rUEw6CjfCvzri1KkPDYUGjkEhQLHwf82A6sHsixf_N034cTeG8Tk2EadY-NY66gUqAZnMPbQIyUouQuW8PK4HiTGU_Rw$>  |  Unsubscribe<https://urldefense.com/v3/__https:/links-1.govdelivery.com/CL0/https:*2F*2Fpublic.govdelivery.com*2Faccounts*2FUSNIST*2Fsubscriber*2Fedit*3Fpreferences=true*23tab1/2/01000198a3d07004-2f7333ce-c22b-466a-a74b-fd2c46f3d569-000000/klWMX8rPGnDeaATFgRDnwtS4AKoVi1BE-9sChaGSJ1E=418__;JSUlJSUlJSU!!NFAdMAnI0yk!AP3QRG0rUEw6CjfCvzri1KkPDYUGjkEhQLHwf82A6sHsixf_N034cTeG8Tk2EadY-NY66gUqAZnMPbQIyUouQuW8PK4HOJ4nKkQ$>  |  Help<https://urldefense.com/v3/__https:/links-1.govdelivery.com/CL0/https:*2F*2Fsubscriberhelp.govdelivery.com*2F/1/01000198a3d07004-2f7333ce-c22b-466a-a74b-fd2c46f3d569-000000/L1beodgyKNbA1n7obP7UQxA39pb8wfx3nnl_CftCILI=418__;JSUl!!NFAdMAnI0yk!AP3QRG0rUEw6CjfCvzri1KkPDYUGjkEhQLHwf82A6sHsixf_N034cTeG8Tk2EadY-NY66gUqAZnMPbQIyUouQuW8PK4HDGrewvY$>

________________________________

If you have questions or problems with the subscription service, please contact subscriberhelp.govdelivery.com<https://urldefense.com/v3/__https:/links-1.govdelivery.com/CL0/https:*2F*2Fsubscriberhelp.govdelivery.com*2F/2/01000198a3d07004-2f7333ce-c22b-466a-a74b-fd2c46f3d569-000000/SgN6ISqRO8reP8x-jEODawRzpe16LdpLI04cc8HZ_sY=418__;JSUl!!NFAdMAnI0yk!AP3QRG0rUEw6CjfCvzri1KkPDYUGjkEhQLHwf82A6sHsixf_N034cTeG8Tk2EadY-NY66gUqAZnMPbQIyUouQuW8PK4HNcnzYlE$>.
Technical questions? Contact inquiries at nist.gov<mailto:inquiries at nist.gov>. (301) 975-NIST (6478).

This service is provided to you at no charge by National Institute of Standards and Technology (NIST). 100 Bureau Drive, Stop 1070 · Gaithersburg, MD 20899 · 301-975-6478
[Image removed by sender. GovDelivery logo]<https://urldefense.com/v3/__https:/links-1.govdelivery.com/CL0/https:*2F*2Fsubscriberhelp.granicus.com*2F/1/01000198a3d07004-2f7333ce-c22b-466a-a74b-fd2c46f3d569-000000/FhE_hPGWy2lOuuxihJ9qczGWD6whTZzKNCeQ1kRfGZM=418__;JSUl!!NFAdMAnI0yk!AP3QRG0rUEw6CjfCvzri1KkPDYUGjkEhQLHwf82A6sHsixf_N034cTeG8Tk2EadY-NY66gUqAZnMPbQIyUouQuW8PK4HIHiFVBI$>
[Image removed by sender.]

"NOTICE: This email message and all attachments transmitted with it may contain confidential information, including information that is privileged or protected by, and proprietary to, Parsons Corporation, and is intended solely for the use of the addressee for the specific purpose set forth in this communication. If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, or other use of this message or its attachments is strictly prohibited, and you should delete this message and all copies and backups thereof. The recipient may not further distribute or use any of the information contained herein without the express written authorization of the sender. If you have received this message in error, or if you have any questions regarding the use of the proprietary information contained therein, please contact the sender of this message immediately, and the sender will provide you with further instructions."
This message is intended only for the recipient(s) named above. It may contain proprietary information and/or protected content. Any unauthorised disclosure, use, retention or dissemination is prohibited. If you have received this e-mail in error, please notify the sender immediately. ESA applies appropriate organisational measures to protect personal data, in case of data privacy queries, please contact the ESA Data Protection Officer (dpo at esa.int<mailto:dpo at esa.int>).
This message is intended only for the recipient(s) named above. It may contain proprietary information and/or protected content. Any unauthorised disclosure, use, retention or dissemination is prohibited. If you have received this e-mail in error, please notify the sender immediately. ESA applies appropriate organisational measures to protect personal data, in case of data privacy queries, please contact the ESA Data Protection Officer (dpo at esa.int).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.ccsds.org/pipermail/sls-sea-dls/attachments/20250908/cc4744bd/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 25388 bytes
Desc: image001.png
URL: <http://mailman.ccsds.org/pipermail/sls-sea-dls/attachments/20250908/cc4744bd/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 104604 bytes
Desc: image002.png
URL: <http://mailman.ccsds.org/pipermail/sls-sea-dls/attachments/20250908/cc4744bd/attachment-0003.png>

More information about the SLS-SEA-DLS mailing list