Security Evaluation of Initialization Phases and Round Functions of Rocca and AEGIS

Authenticated-Encryption with Associated-Data (AEAD) plays an important role in guaranteeing confidentiality, integrity, and authenticity network communications. To meet the requirements of high-performance applications, several AEADs make use AES New Instructions (AES-NI), which can conduct operations encryption decryption dramatically fast by hardware accelerations. At SAC 2013, Wu Preneel proposed AES-based AEAD scheme called AEGIS-128/128L/256, to achieve high-speed software implementation. FSE 2016, Jean Nikolić generalized construction AEGIS more efficient round functions. ToSC 2021, Sakamoto et al. further improved constructions Nikolić, Rocca for beyond 5G. In this study, we first evaluate security initialization phases family against differential integral attacks using MILP (Mixed Integer Linear Programming) tools. Specifically, according evaluation based on lower bounds number active S-boxes, AEGIS-128/128L/256 are secure after 4/3/6 rounds, respectively. Regarding attacks, present distinguisher 6 rounds 6/5/7 Besides, function those as cryptographic permutations differential, impossible attacks. Our results indicate that, growth rate increasing S-boxes is faster than Nikolić. For show that achieves sufficient level these smaller