Survey of design and security evaluation of authenticated encryption algorithms in the CAESAR competition

The Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR) supported by the National Institute of Standards and Technology (NIST) is an ongoing project calling for submissions of authenticated encryption (AE) schemes. The competition itself aims at enhancing both the design of AE schemes and related analysis. The design goal is to pursue new AE schemes that are more secure than advanced encryption standard with Galois/counter mode (AES-GCM) and can simultaneously achieve three design aspects: security, applicability, and robustness. The competition has a total of three rounds and the last round is approaching the end in 2018. In this survey paper, we first introduce the requirements of the proposed design and the progress of candidate screening in the CAESAR competition. Second, the candidate AE schemes in the final round are classified according to their design structures and encryption modes. Third, comprehensive performance and security evaluations are conducted on these candidates. Finally, the research trends of design and analysis of AE for the future are discussed.

• Publication year

  2018

• Venue

  Frontiers of Information Technology & Electronic Engineering

• Publication date

  2018-12-01

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1631/FITEE.1800576
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Improved Lightweight Implementations of CAESAR Authenticated Ciphers

  2018cited by this paper
• Fault attacks on Tiaoxin-346

  2018cited by this paper
• Collision attacks against AEZ-PRF for authenticated encryption AEZ

  2018cited by this paper
• Demadroid: Object Reference Graph-Based Malware Detection in Android

  2018cited by this paper
• State-Recovery Attacks on Modified Ketje Jr

  2018cited by this paper
• Cryptanalysis of MORUS

  2018cited by this paper
• Fault Attack on ACORN v3

  2018cited by this paper
• MEAS: memory encryption and authentication secure against side-channel attacks

  2018cited by this paper
• Fault Attacks on the Authenticated Encryption Stream Cipher MORUS

  2018cited by this paper
• Improved Related-Tweakey Boomerang Attacks on Deoxys-BC

  2018cited by this paper
• Impossible Differential Cryptanalysis on Deoxys-BC-256

  2018cited by this paper
• Distinguishing Attack on NORX Permutation

  2018cited by this paper
• New MILP Modeling: Improved Conditional Cube Attacks on Keccak-Based Constructions

  2018cited by this paper
• Efficient Hardware Accelerator for NORX Authenticated Encryption

  2018cited by this paper
• Security Proof of JAMBU under Nonce Respecting and Nonce Misuse Cases

  2017cited by this paper
• Fault Attack on the Authenticated Cipher ACORN v2

  2017cited by this paper
• Improved Security for OCB3

  2017cited by this paper
• Conditional cube attack on round-reduced River Keyak

  2017cited by this paper
• Under Pressure: Security of Caesar Candidates beyond their Guarantees

  2017cited by this paper
• Reforgeability of Authenticated Encryption Schemes

  2017cited by this paper
• Cube-like Attack on Round-Reduced Initialization of Ketje Sr

  2017cited by this paper
• Differential Fault Attack on Grain v1, ACORN v3 and Lizard

  2017cited by this paper
• Quantum Key-Recovery on Full AEZ

  2017cited by this paper
• Current trends in the development of intelligent unmanned autonomous systems

  2017cited by this paper
• Evaluation of the CAESAR hardware API for lightweight implementations

  2017cited by this paper
• A new authenticated encryption technique for handling long ciphertexts in memory constrained devices

  2017influential reference
• Weak Keys for AEZ, and the External Key Padding Attack

  2017cited by this paper
• Conditional Cube Attack on Round-Reduced ASCON

  2017cited by this paper
• Universal Forgery and Key Recovery Attacks: Application to FKS, FKD and Keyak

  2017cited by this paper
• DPA on hardware implementations of Ascon and Keyak

  2017cited by this paper
• FPGA implementation and comparison of AES-GCM and Deoxys authenticated encryption schemes

  2017cited by this paper
• Analysis of the NORX Core Permutation

  2017cited by this paper
• Analysis and Inner-Round Pipelined Implementation of Selected Parallelizable CAESAR Competition Candidates

  2017cited by this paper
• Almost Universal Forgery Attacks on the COPA and Marble Authenticated Encryption Algorithms

  2017cited by this paper
• An Algorithm for Moderating DoS Attack in Web Based Application

  2017cited by this paper
• A Security Analysis of Deoxys and its Internal Tweakable Block Ciphers

  2017cited by this paper
• ISAP - Towards Side-Channel Secure Authenticated Encryption

  2017cited by this paper
• Investigating Cube Attacks on the Authenticated Encryption Stream Cipher MORUS

  2017cited by this paper
• Ascon hardware implementations and side-channel evaluation

  2017cited by this paper
• A State Recovery Attack on ACORN-v1 and ACORN-v2

  2017cited by this paper
• A Fault-based Attack on AEZ v4.2

  2017cited by this paper
• Differential and Rotational Cryptanalysis of Round-reduced MORUS

  2017cited by this paper
• Two Efficient Fault-Based Attacks on CLOC and SILC

  2017cited by this paper
• Report on Lightweight Cryptography

  2017cited by this paper
• Investigating Cube Attacks on the Authenticated Encryption Stream Cipher MORUS

  2017influential reference
• Full key recovery of ACORN with a single fault

  2016cited by this paper
• ELmD: A Pipelineable Authenticated Encryption and Its Hardware Implementation

  2016cited by this paper
• Low-area hardware implementations of CLOC, SILC and AES-OTR

  2016cited by this paper
• Trick or Tweak: On the (In)security of OTR's Tweaks

  2016cited by this paper
• Practical Fault Attacks on Authenticated Encryption Modes for AES

  2016cited by this paper
• Finding state collisions in the authenticated encryption stream cipher ACORN

  2016cited by this paper
• Statistical Fault Attacks on Nonce-Based Authenticated Encryption Schemes

  2016cited by this paper
• SAT-based cryptanalysis of ACORN

  2016cited by this paper
• Is AEZ v4.1 Sufficiently Resilient Against Key-Recovery Attacks?

  2016cited by this paper
• Cryptanalysis of Reduced NORX

  2016cited by this paper
• Universal Forgery and Key Recovery Attacks on ELmD Authenticated Encryption Algorithm

  2016cited by this paper
• Android platform-based individual privacy information protection system

  2016cited by this paper
• Differential Fault Analysis on Tiaoxin and AEGIS Family of Ciphers

  2016cited by this paper
• Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption

  2016cited by this paper
• Optimization of Hardware Implementations with High-Level Synthesis of Authenticated Encryption

  2016cited by this paper
• The INT-RUP Security of OCB with Intermediate (Parity) Checksum

  2016cited by this paper
• Tweaking Generic OTR to Avoid Forgery Attacks

  2016cited by this paper
• Leakage-Resilient and Misuse-Resistant Authenticated Encryption

  2016cited by this paper
• Investigating Cube Attacks on the Authenticated Encryption Stream Cipher ACORN

  2016cited by this paper
• Fault Based Almost Universal Forgeries on CLOC and SILC

  2016cited by this paper
• SAT-based Cryptanalysis of Authenticated Ciphers from the CAESAR Competition

  2016cited by this paper
• Improved Collision Cryptanalysis of Authenticated Cipher MORUS

  2016cited by this paper
• AES-GCM and AEGIS: Efficient and High Speed Hardware Implementations

  2016cited by this paper
• Suit up! -- Made-to-Measure Hardware Implementations of ASCON

  2015cited by this paper
• Padding Oracle Attack on Block Cipher with CBC|CBC-Double Mode of Operation using the BOZ-PAD

  2015cited by this paper
• Analysis of the Authenticated Cipher MORUS (v1)

  2015cited by this paper
• Leakage-Resilient Authentication and Encryption from Symmetric Cryptographic Primitives

  2015cited by this paper
• Security of Full-State Keyed Sponge and Duplex: Applications to Authenticated Encryption

  2015cited by this paper
• Collision Attacks Against CAESAR Candidates - Forgery and Key-Recovery Against AEZ and Marble

  2015cited by this paper
• Revisiting Security Claims of XLS and COPA

  2015cited by this paper
• Robust Authenticated-Encryption AEZ and the Problem That It Solves

  2015cited by this paper
• Research on the Confusion and Diffusion Properties of the Initialization of MORUS

  2015cited by this paper
• Applications of Key Recovery Cube-attack-like

  2015cited by this paper
• Cryptanalysis of JAMBU

  2015cited by this paper
• Higher Order Differential Analysis of NORX

  2015cited by this paper
• Cube Attacks and Cube-Attack-Like Cryptanalysis on the Round-Reduced Keccak Sponge Function

  2015cited by this paper
• Sponges and Engines: An introduction to Keccak and Keyak

  2015cited by this paper
• On the Security of the COPA and Marble Authenticated Encryption Algorithms against (Almost) Universal Forgery Attack

  2015cited by this paper
• Parallelizable Rate-1 Authenticated Encryption from Pseudorandom Functions

  2014influential reference
• AEZ v1.1: Authenticated-Encryption by Enciphering

  2014influential reference
• Analysis of NORX: Investigating Differential and Rotational Properties

  2014cited by this paper
• Hardware implementation of Offset Codebook Mode3 (OCB3)

  2014cited by this paper
• Linear Biases in AEGIS Keystream

  2014cited by this paper
• Beyond 2c/2 Security in Sponge-Based Authenticated Encryption Modes

  2014cited by this paper
• NORX: Parallel and Scalable AEAD

  2014cited by this paper
• Submission to the CAESAR Competition

  2014cited by this paper
• AEGIS: A Fast Authenticated Encryption Algorithm

  2013cited by this paper
• Collision Attacks on Variant of OCB Mode and Its Series

  2012cited by this paper
• Random Key Chaining (RKC): AES Mode of Operation

  2012cited by this paper
• Shuffling against Side-Channel Attacks: A Comprehensive Study with Cautionary Note

  2012cited by this paper
• Galois Counter Mode

  2011influential reference
• Duplexing the sponge: single-pass authenticated encryption and other applications

  2011cited by this paper
• Provably Secure Higher-Order Masking of AES

  2010cited by this paper
• Fault Attack

  2005cited by this paper
• EME*: Extending EME to Handle Arbitrary-Length Messages with Associated Data

  2004influential reference

• Systematic Review of Lightweight Cryptographic Algorithms

  2026cites this paper
• A novel distinguishing attack on Rocca

  2025cites this paper
• Key committing attack on Tiaoxin-346 algorithm

  2025cites this paper
• Source Code Anti-Plagiarism: a C# Implementation using the Routing Approach

  2022cites this paper
• Inapplicability of Differential Fault Attacks against Cellular Automata based Lightweight Authenticated Cipher

  2022cites this paper
• Low Area FPGA Implementation of AES Architecture with EPRNG for IoT Application

  2022cites this paper
• Plaintext recovery and tag guessing attacks on authenticated encryption algorithm COLM

  2022cites this paper
• Authenticated Encryption Based on Chaotic Neural Networks and Duplex Construction

  2021cites this paper
• NIST Lightweight Cryptography Standardization Process: Classification of Second Round Candidates, Open Challenges, and Recommendations

  2021cites this paper
• Symmetric Encryption Algorithms: Review and Evaluation Study

  2020cites this paper
• Analyzing The Security of The Cache Side Channel Defences With Attack Graphs

  2020cites this paper
• Lightweight implementation of SILC, CLOC, AES-JAMBU and COLM authenticated ciphers

  2020cites this paper
• Strengthening ACORN Authenticated Cipher with Cellular Automata

  2020cites this paper
• Colored Petri Net Based Cache Side Channel Vulnerability Evaluation

  2019cites this paper