Comprehensive Review of NIST Lightweight Cryptography Algorithms for IoT: Performance Evaluation, Attacks, Optimizations, and Protocol Integration

Abstract

The Internet of Things (IoT) is rapidly expanding into critical healthcare, industrial, and commercial do- mains, yet its resource-constrained devices remain vulnerable to cyberattacks. IoT devices have resource constraints, making it challenging to execute standard security algorithms. To address these limitations, the National Institute of Standards and Technology (NIST) selected 10 Lightweight Cryptographic (LWC) finalist algorithms in 2023 to provide suitable confidentiality for constrained environments. This review focuses exclusively on these finalists and highlights their importance in modern IoT security. A systematic search was conducted across IEEE Xplore, ScienceDirect, Springer, and the Cryptology ePrint Archive, using the PRISMA methodology, defined keywords, and strict inclusion/exclusion criteria. In the initial 2118 retrieved studies, 40 high-quality contributions were selected after title, abstract, and full-text screening. The selected works were categorized into four themes: performance evaluation across hardware and software platforms, cryptanalytic and security assessments, algorithmic optimization, and integration of LWC algorithms into existing systems and communication protocols. Performance analysis research indicates that TinyJambu is the most energy-efficient among the NIST block-cipher-based algorithms. Xoodyak and ASCON demonstrated the best energy efficiency among permutation-based algorithms. On the other hand, the set of Elephant, ISAP, and Grain128-AEAD was the least energy-efficient, consuming up to 10 to 25 times more energy than the most efficient set, TinyJambu. In particular, the first reported cryptanalytic break of the 7-round Xoodyak, presented in a recent article, substantially expands the threat model for the NIST LWC finalist. Some experimental reports indicate a full key-recovery attack with success rates exceeding 90%. In contrast, adapted variants of the attack have proven effective against multiple Elephant-family ciphers, illustrating the importance of updated security assessments and implementation countermeasures. Finally, this study identifies critical research gaps that require further investigation, emphasizing the importance of addressing these challenges through targeted research efforts and developing adaptive solutions in future studies.