Dear forum members,
During the Sixth Lightweight Cryptography Workshop last week, NIST stated that the Ascon family could be specified in a Special Publication (SP) format rather than a Federal Information Processing Standards (FIPS) to shorten the standardization process.
On June 23, Robert Moskowitz raised some concerns on using the SP format. Thank you Robert for sharing your concerns.
To avoid confusion, we would like to clarify that when an implementation is FIPS-validated, it means that it has successfully completed the FIPS 140-3 validation process. NIST standards can be validated regardless of whether an algorithm is described in a FIPS or an SP. Therefore, specifying Ascon in a special publication will not prevent its inclusion in the FIPS 140-3 validation process.
Regarding SP 800-185, it is part of the FIPS 140-3 validation program. Programmatic guidance on cryptographic module validation can always be found in the latest FIPS 140-3 Implementation Guidance (IG) (
https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-ig-announcements) and other resources on the cryptographic module validation program page (
https://csrc.nist.gov/projects/cryptographic-module-validation-program). In addition, SP 800-140Cr1 (
https://doi.org/10.6028/NIST.SP.800-140Cr1) and SP 800-140Dr1 (
https://doi.org/10.6028/NIST.SP.800-140Dr1) list the algorithms that are part of the validation program, along with the relevant publications.
Kind regards,
Kerry
--
To unsubscribe from this group, send email to
lwc-forum+...@list.nist.gov <mailto:
lwc-forum+...@list.nist.gov>
Visit this group at
https://groups.google.com/a/list.nist.gov/d/forum/lwc-forum <
https://groups.google.com/a/list.nist.gov/d/forum/lwc-forum>