The State of the Authenticated Encryption

[1] Crypto-competitions google group, https://groups.google.com/forum/#!topic/crypto-competitions/upaRX2jdVCQSearch in Google Scholar

[2] Cryptographic competitions: CAESAR submissions, http://competitions.cr.yp.to/caesar-submissions.htmlSearch in Google Scholar

[3] Secure hash standard,http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdfSearch in Google Scholar

[4] ABED, F.—FLUHRER, S.—FOLEY, J.—FORLER, C.—LIST, E.—LUCKS, S.–MCGREW, D.—WENZEL, J.: Poet,https://competitions.cr.yp.to/round2/poetv20.pdfSearch in Google Scholar

[5] ABED, F.—FORLER, C.—LIST, E.—LUCKS, S.—WENZEL, J.: Don’t panic! The cryptographer’s guide to robust (on-line) encryption: draft, https://www.uni-weimar.de/fileadmin/user/fak/medien/professuren/Mediensicherheit/Research/Drafts/nonce-misuse-oae.pdfSearch in Google Scholar

[6] ABED, F.—FORLER, C.—LUCKS, S.: General overview of the authenticated schemes for the first round of the CAESAR competition, IACR Cryptology ePrint Archive 2014, http://eprint.iacr.org/2014/792Search in Google Scholar

[7] ABED, F.—KÖLBL, S.—LAURIDSEN, M. M.—RECHBERGER, C.—TIESSEN, T.: Authenticated encryption Zoo, https://aezoo.compute.dtu.dk/Search in Google Scholar

[8] ANDREEVA, E.—BILGIN, B.—BOGDANOV, A.—LUYKX, A.—MENDEL, F.–MENNINK, B.—MOUHA, N.—WANG, Q.—YASUDA, K.: Primates,https://competitions.cr.yp.to/round2/primatesv102.pdfSearch in Google Scholar

[9] ANDREEVA, E.—BOGDANOV, A.—LUYKX, A.—MENNINK, B.—MOUHA, N.–YASUDA, K.: How to securely release unverified Plaintext in authenticated encryption, in: Advances in Cryptology—ASIACRYPT ’14 (P. Sarkar, T. Iwata, eds.), 20th Internat. Conf. on the Theory and Appl. of Cryptology and Inform. Security Kaoshiung, Taiwan, 2014, Lecture Notes in Comput. Sci., Vol. 8873, Springer, Berlin, 2014, pp. 105–125.Search in Google Scholar

[10] ANDREEVA, E.–BOGDANOV, A.–LUYKX, A.–MENNINK, B.–TISCHHAUSER, E.–YASUDA, K.: Aes-copa.https://competitions.cr.yp.to/round2/aescopav2.pdfSearch in Google Scholar

[11] ANDREEVA, E.–BOGDANOV, A.–LUYKX, A.–MENNINK, B.–TISCHHAUSER, E.–YASUDA, K.: Parallelizable and authenticated online ciphers. in: Advances in Cryptology—ASIACRYPT ’13, 19th Internat. Conf. on the Theory and Appl. of Cryptology and Inform. Security, Bengaluru, India, 2013, Lecture Notes in Comput. Sci., Vol. 8269, Springer, Berlin, 2013, pp. 424–443.Search in Google Scholar

[12] AUMASSON, J. P.—JOVANOVIC, P.—NEVES, S.: Norx,https://competitions.cr.yp.to/round2/norxv20.pdfSearch in Google Scholar

[13] BELLARE, M.—DESAI, A.—JOKIPII, E.—ROGAWAY, P.: A concrete security treatment of symmetric encryption, in: 54th Annual Symp. on Found. of Comput. Sci.–FOCS ’97, Miami Beach, FL, 1997, IEEE Comput. Soc., 1997, pp. 394–403.Search in Google Scholar

[14] BELLARE, M.—KILIAN, J.—ROGAWAY, P.: The security of the cipher block chaining message authentication code, J. Comput. Syst. Sci. 61 (2000), 362–399.10.1006/jcss.1999.1694Search in Google Scholar

[15] BELLARE, M.—NAMPREMPRE, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm, in: Advances in Cryptology–ASIACRYPT ’00 (T. Okamoto, ed.), 6th Internat. Conf. on the Theory and Appl. of Cryptology and Inform. Security, Kyoto, Japan, Lecture Notes in Comput. Sci., Vol. 1976, Springer, Berlin, 2000, pp. 531–545.Search in Google Scholar

[16] BELLARE, M.—ROGAWAY, P.: Encode-then-encipher encryption: How to exploit nonces or redundancy in plaintexts for efficient cryptography, in: Advances in Cryptology—ASIACRYPT ’00 (T. Okamoto, ed.), 6th Internat. Conf. on the Theory and Appl. of Cryptology and Inform. Security, Kyoto, Japan, Lecture Notes in Comput. Sci., Vol. 1976, Springer, Berlin, 2000, pp. 317–330.Search in Google Scholar

[17] BERNSTEIN, D. J.: Cryptographic competitions: CAESAR, http://competitions.cr.yp.toSearch in Google Scholar

[18] BERNSTEIN, D. J.: Cryptographic competitions: Disasters, https://competitions.cr.yp.to/disasters.htmlSearch in Google Scholar

[19] BERNSTEIN, D. J.: Cryptographic competitions: Features of various secret-key primitives,https://competitions.cr.yp.to/features.htmlSearch in Google Scholar

[20] BERTONI, G.—DAEMEN, J.—PEETERS, M.—ASSCHE, G. V.—KEER, R. V.: Ketje,https://competitions.cr.yp.to/round1/ketjev11.pdfSearch in Google Scholar

[21] BERTONI, G.—DAEMEN, J.—PEETERS, M.—ASSCHE, G. V.—KEER, R. V.: Keyak,https://competitions.cr.yp.to/round2/keyakv2.pdfSearch in Google Scholar

[22] BIRYUKOV, A.—KHOVRATOVICH, D.: Paeq,https://competitions.cr.yp.to/round1/paeqv1.pdfSearch in Google Scholar

[23] BOGDANOV, A.—LAURIDSEN, M. M.—TISCHHAUSER, E.: Aes-based authenticated encryption modes in parallel high-performance software, DIAC presentation, 2014.10.1007/978-3-662-43933-3_23Search in Google Scholar

[24] BOLDYREVA, A.—DEGABRIELE, J. P.—PATERSON, K. G.—STAM, M.: Security of symmetric encryption in the presence of ciphertext fragmentation, in: Advances in Cryptology—EUROCRYPT ’12, 31st Annual Internat. Conf. on the Theory and Appl. of Cryptographic Techniques, Cambridge, UK, 2012, Lecture Notes in Comput. Sci., Vol. 7237, Springer, Berlin, 2012, pp. 682–699.Search in Google Scholar

[25] CHAKRABORTI, A.—NANDI, M.: Trivia-ck,https://competitions.cr.yp.to/round2/triviackv2.pdfSearch in Google Scholar

[26] COGLIANI, S.—MAIMUT, D.—NACCACHE, D.—DO CANTO, R. P.—REYHANITABAR, R.—VAUDENAY, S.—VIZÁR, D.: OMD: a compression function mode of operation for authenticated encryption, in: Selected Areas in Cryptography—SAC ’14, 21st Internat. Conf., Montreal, QC, Canada, 2014 (A. Joux, A. Youssef, eds.), Lecture Notes in Comput. Sci., Vol. 8781, Springer, Berlin, 2014, pp. 112–128.Search in Google Scholar

[27] COGLIANI, S.—ŞTEFANIA MAIMUŢ, D.—NACCACHE, D.—DO CANTO, R. P.–REYHANITABAR, R.—VAUDENAY, S.—VIZÁR, D.: Offset Merkle-Damgård,https://competitions.cr.yp.to/round2/omdv20.pdfSearch in Google Scholar

[28] DATTA, N.—NANDI, M.: Elmd,https://competitions.cr.yp.to/round2/elmdv20.pdfSearch in Google Scholar

[29] DOBRAUNIG, C.—EICHLSEDER, M.—MENDEL, F.: Forgery attacks on round-reduced icepole-128, Cryptology ePrint Archive, Report 2015/392, http://eprint.iacr.org/10.1007/978-3-319-31301-6_27Search in Google Scholar

[30] DOBRAUNIG, C.—EICHLSEDER, M.—MENDEL, F.—SCHLAFFER, M.: Ascon,https://competitions.cr.yp.to/round2/asconv11.pdfSearch in Google Scholar

[31] DWORKIN, M.: Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality. NIST Special Publication 800-38C, Gaithersburg, 2004.10.6028/NIST.SP.800-38b-2005Search in Google Scholar

[32] FERGUSON, N.: Authentication weaknesses in gcm, Comments submitted to NIST Modes of Operation Process, 2005.Search in Google Scholar

[33] FISCHLIN, M.—GÜNTHER, F.—MARSON, G. A.—PATERSON, K. G.: Data is a stream: Security of stream-based channels, in: Advances in Cryptology—CRYPTO ’15 (R. Gennaro, M. Robshaw, eds.), 35th Annual Cryptology Conf., Santa Barbara, CA, 2015, Lecture Notes in Comput. Sci., Vol. 9216, Springer, Berlin, 2015, pp. 545–564.Search in Google Scholar

[34] FLEISCHMANN, E.—FORLER, C.—LUCKS, S.: McOE: a family of almost foolproof on-line authenticated encryption schemes, in: Fast Software Encryption—FSE ’12, 19th Internat. Workshop, Washington, DC, USA (A. Canteaut, ed.), Lecture Notes in Comput. Sci., Vol. 7549, Springer, Berlin, 2012, pp. 196–215.Search in Google Scholar

[35] GLIGOROSKI, D. – MIHAJLOSKA, H. – SAMARDJISKA, S. – JACOBSEN, H. – EL-HADEDY, M.–JENSEN, R.E.–OTTE, D.: π-cipher,https://competitions.cr.yp.to/round2/picipherv20.pdfSearch in Google Scholar

[36] GROSSO, V. – LEURENT, G. – STANDAERT, F. X. – VARICI, K. – JOURNAULT, A. – DURVAUX, F. – GASPAR, L. – KERCKHOF, S.: Scream,https://competitions.cr.yp.to/round2/screamv3.pdfSearch in Google Scholar

[37] GUO, J.: Marble specification version 1.0., DIAC presentation, 2014.Search in Google Scholar

[38] HALEVI, S.—ROGAWAY, P.: A parallelizable enciphering mode, in: Topics in Cryptology—CT-RSA ’04 (T. Okamoto, ed.), The Cryptographers’ Track at the RSA Conf., San Francisco, CA, USA, 2004, Lecture Notes in Comput. Sci., Vol. 2964, Springer, Berlin, 2004, pp. 292–304.Search in Google Scholar

[39] HOANG, V. T.—KROVETZ, T.—ROGAWAY, P.: Aez,https://competitions.cr.yp.to/round2/aezv4.pdfSearch in Google Scholar

[40] HOANG, V. T.—KROVETZ, T.—ROGAWAY, P.: Robust authenticated-encryption AEZ and the problem that it solves, in: Advances in Cryptology—EUROCRYPT ’15 (E. Oswald et al., eds.), 34th Ann. Internat. Conf. on the Theory and Appl. of Cryptographic Tech., Sofia, Bulgaria, 2015, Lecture Notes in Comput. Sci., Vol. 9056, Springer, Berlin, 2015, pp. 15–44.Search in Google Scholar

[41] HOANG, V. T.—REYHANITABAR, R.—ROGAWAY, P.—VIZÁR, D.: Online authenticated-encryption and its nonce-reuse misuse-resistance, in: Advances in Cryptology–CRYPTO ’15 (R. Gennaro, M. Robshaw, eds.), 35th Ann. Cryptology Conf., Santa Barbara, CA, USA, 2015, Lecture Notes in Comput. Sci., Vol. 9215, Springer, Berlin, 2015, pp. 493–517.Search in Google Scholar

[42] IWATA, T.—MINEMATSU, K.—GUO, J.—MORIOKA, S.—KOBAYASHI, E.: Cloc and silc,https://competitions.cr.yp.to/round2/silcv2.pdfSearch in Google Scholar

[43] JEAN, J.—NIKOLIC, I.—PEYRIN, T.: Tweaks and keys for block ciphers: The TWEAKEY framework, in: Advances in Cryptology—ASIACRYPT ’14 (P. Sarkar et al., eds.), 20th Internat. Conf. on the Theory and Appl. of Cryptology and Inform. Security, Kaoshiung, Taiwan, R.O.C., 2014, Lecture Notes in Comput. Sci., Vol. 8874, Springer, Berlin, 2014, pp. 274–288.Search in Google Scholar

[44] JEAN, J.—NIKOLIĆ, I.—PEYRIN, T.: Deoxys,https://competitions.cr.yp.to/round2/deoxysv13.pdfSearch in Google Scholar

[45] JEAN, J.—NIKOLIĆ, I.—PEYRIN, T.: Joltik,https://competitions.cr.yp.to/round2/joltikv13.pdfSearch in Google Scholar

[46] KATZ, J.—YUNG, M.: Unforgeable encryption and chosen ciphertext secure modes of operation, in: Fast Software Encryption—FSE ’00 (Schneier, B. ed.), 7th Internat. Workshop—FSE ’00, New York, NY, USA, 2000, Lecture Notes in Comput. Sci., Vol. 1978, Springer, Berlin, 2001, pp. 284–299.Search in Google Scholar

[47] KROVETZ, T.: Hs1-siv,https://competitions.cr.yp.to/round2/hs1sivv2.pdfSearch in Google Scholar

[48] KROVETZ, T.—ROGAWAY, P.: Ocb,https://competitions.cr.yp.to/round1/ocbv1.pdfSearch in Google Scholar

[49] LEURENT, G.: Aez bbb, Rump session talk at Eurocrypt ’15.Search in Google Scholar

[50] LISKOV, M.—RIVEST, R. L.—WAGNER, D.: Tweakable block ciphers, in: Advances in Cryptology—CRYPTO ’02 (M. Yung, ed.), 22nd Ann. Internat. Cryptology Conf., Santa Barbara, CA, USA, 2002, Lecture Notes in Comput. Sci., Vol. 2442, Springer, Berlin, 2002, pp. 31–46.Search in Google Scholar

[51] MCGREW, D. A.—VIEGA, J.: The security and performance of the galois/counter mode (GCM) of operation, in: Progress in Cryptology—INDOCRYPT ’04 (A. Canteaut et al., eds.), 5th Internat. Conf. on Cryptology in India, Chennai, India, 2004, Lecture Notes in Comput. Sci., Vol. 3348, Springer, Berlin, 2004, pp. 343–355.Search in Google Scholar

[52] MENNINK, B.—REYHANITABAR, R.—VIZÁR, D.: Security of full-state keyed Sponge and Duplex: applications to authenticated encryption, in: Adv. in Cryptology—ASIACRYPT ’15 (T. Iwata et al., eds.), 21st Internat. Conf. on the Theory and Appl. of Cryptology and Inform. Security, Auckland, New Zealand, 2015, Lecture Notes in Comput. Sci., Vol. 9453, Springer, Berlin, 2015, pp. 465–489.Search in Google Scholar

[53] MINEMATSU, K.: Aes-otr,https://competitions.cr.yp.to/round2/aesotrv2.pdfSearch in Google Scholar

[54] MORAWIECKI, P.—GAJ, K.—HOMSIRIKAMOL, E.—MATUSIEWICZ, K.—PIEPRZYK, J.—ROGAWSKI, M.—SREBRNY, M.—WÓJCIK, M.: Icepole,https://competitions.cr.yp.to/round2/icepolev2.pdfSearch in Google Scholar

[55] NAMPREMPRE, C.—ROGAWAY, P.—SHRIMPTON, T.: AE5 security notions: definitions implicit in the CAESAR call, IACR Cryptology ePrint Archive, 2013, 242.Search in Google Scholar

[56] NANDI, M.: On the minimum number of multiplications necessary for universal hash functions, in: Fast Software Encryption—FSE ’14, 21st Internat. Workshop, London, UK, 2014, Lecture Notes in Comput. Sci., Vol. 8540, Springer, Berlin, 2015, pp. 489–508.Search in Google Scholar

[57] NIKOLIĆ, I.: Tiaoxin,https://competitions.cr.yp.to/round2/tiaoxinv2.pdfSearch in Google Scholar

[58] NIWA, Y.—OHASHI, K.—MINEMATSU, K.—IWATA, T.: GCM security bounds reconsidered. in: Fast Software Encryption—FSE ’15 (G. Leander, G. ed.), 22nd Internat. Workshop, Istanbul, Turkey, 2015, Lecture Notes in Comput. Sci., Vol. 9054, Springer, Berlin, 2015, pp. 385–407.Search in Google Scholar

[59] REYHANITABAR, R.: OMD version 2: a tweak for the 2nd round, crypto-competitions mailing list, August 27, 2015.Search in Google Scholar

[60] REYHANITABAR, R.—VAUDENAY, S.—VIZÁR, D.: Misuse-resistant variants of the OMD authenticated encryption mode, in: Provable Security—ProvSec ’14 (S.S.M. Chow et al., eds.), 8th Internat. Conf., Hong Kong, China, 2014, Lecture Notes in Comput. Sci., Vol. 8782, Springer, Berlin, 2014, pp. 55–70.Search in Google Scholar

[61] REYHANITABAR, R.—VAUDENAY, S.—VIZÁR, D.: Boosting OMD for almost free authentication of associated data, in: Fast Software Encryption—FSE ’15 (G. Leander, ed.), 22nd Internat. Workshop, Istanbul, Turkey, 2015, Lecture Notes in Comput. Sci., Vol. 9054, Springer, Berlin, 2015, pp. 411–427.Search in Google Scholar

[62] REYHANITABAR, R.—VAUDENAY, S.—VIZÁR, D.: Authenticated encryption with variable stretch, Cryptology ePrint Archive, Report 2016/463, http://eprint.iacr.org/10.1007/978-3-662-53887-6_15Search in Google Scholar

[63] RISTENPART, T.—ROGAWAY, P.: How to enrich the message space of a cipher, in: Fast Software Encryption—FSE ’07, 14th Internat. Workshop, Luxembourg, 2007, Lecture Notes in Comput. Sci., Vol. 4593, Springer, Berlin, 2007, pp. 101–118.Search in Google Scholar

[64] ROGAWAY, P.: Authenticated-encryption with associated-data, in: Proc. of the 9th ACM Conf. on Computer and Comm. Security ACM—CCS ’02, Washington, DC, USA, 2002, ACM New York, NY, USA, 2002, pp. 98–107.10.1145/586110.586125Search in Google Scholar

[65] ROGAWAY, P.—BELLARE, M.—BLACK, J.—KROVETZ, T.: OCB: A block-cipher mode of operation for efficient authenticated encryption, in: Proc. of the 8th ACM Conf. on Computer and Comm. Security ACM—CCS ’01, ACM New York, NY, USA, 2001, pp. 196–205.10.1145/501983.502011Search in Google Scholar

[66] ROGAWAY, P.—SHRIMPTON, T.: A provable-security treatment of the key-wrap problem, in: Advances in Cryptology—EUROCRYPT ’06 (S. Vaudenay, ed.), 25th Ann. Internat. Conf. on the Theory and Appl. of Cryptographic Tech., St. Petersburg, Russia, 2006, Lecture Notes in Comput. Sci., Vol. 4004, Springer, Berlin, 2006, pp. 373–390.Search in Google Scholar

[67] SAARINEN, M. J. O.—BRUMLEY, B. B.: Stribob,https://competitions.cr.yp.to/round2/stribobr2.pdfSearch in Google Scholar

[68] SAARINEN, M. O.: Cycling attacks on gcm, GHASH and other polynomial macs and hashes, in: Fast Software Encryption—FSE ’12 (A. Canteau, ed.), 19th Internat. Workshop, Washington, DC, USA, 2012, Lecture Notes in Comput. Sci., Vol. 7549, Springer, Berlin, 2012, pp. 216–225.Search in Google Scholar

[69] SASAKI, Y.–TODO, Y.–AOKI, K.–NAITO, Y.–SUGAWARA, T.–MURAKAMI, Y.–MATSUI, M. – HIROSE, S.: Minalpher,https://competitions.cr.yp.to/round2/minalpherv11.pdfSearch in Google Scholar

[70] VAUDENAY, S.: Security flaws induced by CBC padding – applications to SSL, IPSEC, WTLS ... in: Advances in Cryptology—EUROCRYPT ’02 (L. R. Knudsen, ed.), 21st Internat. Conf. on the Theory and Appl. of Cryptographic Tech., Amsterdam, Netherlands, 2002, Lecture Notes in Comput. Sci., Vol. 2332, Springer, Berlin, 2002, pp. 534–546.Search in Google Scholar

[71] WANG, L.: Shell,https://competitions.cr.yp.to/round2/shellv20.pdfSearch in Google Scholar

[72] WHITING, D.—HOUSLEY, R.—FERGUSON, N.: Counter with CBC-MAC (CCM). IETF RFC 3610 (Inform.), Sep. 2003, http://www.ietf.org/rfc/rfc3610.txt10.17487/rfc3610Search in Google Scholar

[73] WU, H.: Acorn,https://competitions.cr.yp.to/round2/acornv2.pdfSearch in Google Scholar

[74] WU, H.—HUANG, T.: Aes-jambu,https://competitions.cr.yp.to/round2/aesjambuv2.pdfSearch in Google Scholar

[75] WU, H.—HUANG, T.: Morus,https://competitions.cr.yp.to/round2/morusv11.pdfSearch in Google Scholar

[76] WU, H.—PRENEEL, B.: Aegis,https://competitions.cr.yp.to/round1/aegisv1.pdfSearch in Google Scholar