This survey is the first work on the current standard for lightweight cryptography, standardized in 2023. Lightweight cryptography plays a vital role in securing resource-constrained embedded systems such as deeply-embedded systems (implantable and wearable medical devices, smart fabrics, smart homes, and the like), radio frequency identification (RFID) tags, sensor networks, and privacy-constrained usage models. The National Institute of Standards and Technology (NIST) initiated a standardization process for lightweight cryptography, and after a relatively long multi-year effort, the competition ended in Feb. 2023 with ASCON as the winner. This lightweight cryptographic standard will be used in deeply-embedded architectures to provide security through confidentiality and integrity/authentication (the dual of the legacy AES-GCM block cipher, which is the NIST standard for symmetric key cryptography). ASCON's lightweight design uses a 320-bit permutation that is bit-sliced into five 64-bit register words, providing 128-bit level security. This work summarizes the different implementations of ASCON on field-programmable gate array (FPGA) and ASIC hardware platforms on the basis of area, power, throughput, energy, and efficiency overheads. It also reviews various differential and side-channel analysis attacks (SCAs) performed across variants of the ASCON cipher suite, in terms of algebraic, cube/cube-like, forgery, fault injection, and power analysis attacks, as well as the countermeasures for these attacks. We also provide our insights and visions throughout this survey to suggest new future directions in different domains. This survey is the first of its kind and a step forward towards scrutinizing the advantages and future directions of the NIST lightweight cryptography standard introduced in 2023.
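To make the bit-sliced layout mentioned in the abstract concrete, the following added example (not code from the survey or from the ASCON designers) holds the 320-bit state as five 64-bit words and runs the 5-bit S-box on all 64 bit-columns with word-wide operations. The bitwise formulas follow the published Ascon specification; the type and helper names (`ascon_state`, `column_set`, `column_get`, `ascon_sbox5`, `sliced_mismatches`) are assumptions made for this illustration.

```c
#include <stdint.h>

/* Added illustration: the 320-bit Ascon state held as five 64-bit words x0..x4. */
typedef struct { uint64_t x[5]; } ascon_state;

/* Substitution layer: applies the 5-bit S-box to all 64 bit-columns at once,
   using only word-wide XOR/AND/NOT (no table lookup, no data-dependent branch). */
void ascon_sbox_layer(ascon_state *s) {
    uint64_t *x = s->x, t[5];
    x[0] ^= x[4]; x[4] ^= x[3]; x[2] ^= x[1];
    for (int i = 0; i < 5; i++) t[i] = ~x[i] & x[(i + 1) % 5];
    for (int i = 0; i < 5; i++) x[i] ^= t[(i + 1) % 5];
    x[1] ^= x[0]; x[0] ^= x[4]; x[3] ^= x[2]; x[2] = ~x[2];
}

/* Write a 5-bit value into bit-column c; x0 carries the most significant bit. */
void column_set(ascon_state *s, unsigned c, unsigned v) {
    for (int i = 0; i < 5; i++) {
        s->x[i] &= ~(1ULL << c);
        s->x[i] |= (uint64_t)((v >> (4 - i)) & 1u) << c;
    }
}

/* Read bit-column c back as a 5-bit value. */
unsigned column_get(const ascon_state *s, unsigned c) {
    unsigned v = 0;
    for (int i = 0; i < 5; i++) v = (v << 1) | (unsigned)((s->x[i] >> c) & 1u);
    return v;
}

/* S-box of a single 5-bit value, evaluated through column 0 of an empty state. */
unsigned ascon_sbox5(unsigned v) {
    ascon_state s = {{0}};
    column_set(&s, 0, v);
    ascon_sbox_layer(&s);
    return column_get(&s, 0);
}

/* Load a different value into each of the 64 columns (constructed input), run
   the layer once, and count columns that differ from the single-value S-box. */
int sliced_mismatches(void) {
    ascon_state s = {{0}};
    int bad = 0;
    for (unsigned c = 0; c < 64; c++) column_set(&s, c, c % 32);
    ascon_sbox_layer(&s);
    for (unsigned c = 0; c < 64; c++) bad += column_get(&s, c) != ascon_sbox5(c % 32);
    return bad;
}

int main(void) { return sliced_mismatches(); } /* exit status 0: all columns agree */
```

Because the layer contains no table lookups or secret-dependent branches, its instruction sequence and memory access pattern do not vary with the data, which is why the power-analysis and fault-injection attacks the survey reviews target the physical implementation rather than timing.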