Cryptology ePrint Archive: Report 2014/792

General Classification of the Authenticated Encryption Schemes for the CAESAR Competition

Farzaneh abed and Christian Forler and Stefan Lucks

Abstract: An Authenticated encryption scheme is a scheme which provides privacy and integrity by using a secret key. In 2013, CAESAR (the ``Competition for Authenticated Encryption: Security, Applicability, and Robustness'') was co-founded by NIST and Dan Bernstein with the aim of finding authenticated encryption schemes that offer advantages over AES-GCM and are suitable for widespread adoption. The first round started with 57 candidates in March 2014; and nine of these first-round candidates where broken and withdrawn from the competition. The remaining 48 candidates went through an intense process of review, analysis and comparison. While the cryptographic community benefits greatly from the manifold different submission designs, their sheer number implies a challenging amount of study. This paper provides an easy-to-grasp overview over functional aspects, security parameters, and robustness offerings by the CAESAR candidates, clustered by their underlying designs (block-cipher-, stream-cipher-, permutation-/sponge-, compression-function-based, dedicated). After intensive review and analysis of all 48 candidates by the community, the CAESAR committee selected only 30 candidates for the second round. The announcement for the third round candidates was made on 15th August 2016 and 15 candidates were chosen for the third round.

Category / Keywords: authenticated encryption, CAESAR competition, symmetric cryptography

Original Publication (with minor differences): Computer Science Review
DOI:
10.1016/j.cosrev.2016.07.002

Date: received 4 Oct 2014, last revised 13 Oct 2016

Contact author: farzaneh Abed

Available format(s): PDF | BibTeX Citation

Note: The paper is published at Journal of Computer Science Review

Version: 20161013:075200 (All versions of this report)

Short URL: ia.cr/2014/792

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]