“Nearly all of the symmetric encryption modes you learned about in school, textbooks, and Wikipedia are (potentially) insecure.” – Matthew Green
In recent history, we have seen time and again (sometimes catastrophic) failures of cryptographic constructions for authenticated encryption (AE) caused by bad design choices, implementation errors and a lack of reliable standards. After an introduction providing some background on these topics, we present CAESAR, a new cryptographic competition which aims to find solutions to the problems mentioned above. In the second part of the talk, we introduce NORX, a new, next-generation AE scheme and our candidate for CAESAR.
CAESAR is the Competition for Authenticated Encryption: Security, Applicability, and Robustness, and the latest crypto contest after AES, eSTREAM, SHA-3, and PHC. CAESAR aims to identify a portfolio of authenticated encryption (AE) schemes with support for associated data (AD). Compared to ciphers like AES-CBC or Salsa20, AE protects not only the confidentiality, but also the authenticity and integrity of the processed data. Before we give an introduction to CAESAR, we present the motivations behind the competition, such as the importance of protecting in-transit data, the lack of reliable AE(AD) standards, and the repeated crypto failures in recent history that led, for example, to the cracking of WEP (aircrack-ng) and to attacks on (D)TLS such as BEAST and Lucky13.
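To make concrete what the abstract means by AE protecting authenticity and integrity as well as confidentiality, here is an added example (not from the talk, and not NORX): a generic encrypt-then-MAC AEAD built only from Python's stdlib HMAC, with an HMAC-SHA256 counter-mode keystream standing in for the cipher. The key, nonce, AD and message are constructed demo values, and all function names are our own.

```python
import hmac, hashlib, struct

def _keystream(k_enc: bytes, nonce: bytes, n: int) -> bytes:
    # PRF in counter mode: block i = HMAC-SHA256(k_enc, nonce || i)
    blocks = (hmac.new(k_enc, nonce + struct.pack(">Q", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def stream_encrypt(k_enc: bytes, nonce: bytes, data: bytes) -> bytes:
    # Confidentiality only (like CTR or Salsa20 alone): XOR is its own inverse,
    # so this also decrypts, and ciphertext bit flips pass straight into the plaintext
    return bytes(a ^ b for a, b in zip(data, _keystream(k_enc, nonce, len(data))))

def _tag(k_mac: bytes, nonce: bytes, ad: bytes, ct: bytes) -> bytes:
    # MAC over nonce, length-prefixed AD and ciphertext (unambiguous encoding)
    return hmac.new(k_mac, nonce + struct.pack(">Q", len(ad)) + ad + ct,
                    hashlib.sha256).digest()

def aead_encrypt(key: bytes, nonce: bytes, ad: bytes, pt: bytes) -> bytes:
    k_enc, k_mac = key[:32], key[32:]  # independent keys for cipher and MAC
    ct = stream_encrypt(k_enc, nonce, pt)
    return ct + _tag(k_mac, nonce, ad, ct)

def aead_decrypt(key: bytes, nonce: bytes, ad: bytes, ct_tag: bytes):
    # Verify before decrypting; return None rather than releasing unauthenticated data
    k_enc, k_mac = key[:32], key[32:]
    ct, tag = ct_tag[:-32], ct_tag[-32:]
    if len(ct_tag) < 32 or not hmac.compare_digest(tag, _tag(k_mac, nonce, ad, ct)):
        return None
    return stream_encrypt(k_enc, nonce, ct)

KEY = bytes(range(64))        # constructed demo values; never reuse a nonce under a key
NONCE = bytes(16)
AD = b"msg-id:42"             # e.g. a header sent in clear that must be bound to the message
PT = b"transfer $100"

def malleability_demo() -> bytes:
    # Unauthenticated mode: flipping one ciphertext bit flips the same plaintext bit
    ct = bytearray(stream_encrypt(KEY[:32], NONCE, PT))
    ct[10] ^= 0x08            # '1' (0x31) becomes '9' (0x39), and nothing notices
    return stream_encrypt(KEY[:32], NONCE, bytes(ct))

def aead_demo() -> tuple:
    # AEAD: the same bit flip, and any change to the AD, are rejected
    ct_tag = aead_encrypt(KEY, NONCE, AD, PT)
    tampered = bytearray(ct_tag); tampered[10] ^= 0x08
    return (aead_decrypt(KEY, NONCE, AD, ct_tag),
            aead_decrypt(KEY, NONCE, AD, bytes(tampered)),
            aead_decrypt(KEY, NONCE, b"msg-id:43", ct_tag))
```

`malleability_demo()` returns the silently forged `b"transfer $900"`, while `aead_demo()` returns the original plaintext followed by `None` for both the tampered ciphertext and the mismatched AD.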
In the second part, we talk about NORX, our CAESAR candidate: NORX is a user-oriented cipher, engineered to take advantage of modern CPUs and to scale to different levels of parallelism. NORX relies on trusted building blocks, adapted to meet our design goals: