In this paper, we propose a universal hardware Application Programming Interface (API) for authenticated ciphers. In particular, our API is intended to meet the requirements of all algorithms submitted to the CAESAR competition. Two major parts of the API, the interface and the communication protocol, were developed with the goal of reducing any potential biases in benchmarking of authenticated...

For many years I have been both collecting and analysing data on Roman Republican coin hoards. The aim of these analyses has been to identify patterns of coinage found within these hoards, and to understand how these patterns came about. We can, for example, see how the coins in hoards that close immediately after the Battle of Thapsus in 46 BC reflect where Caesar’s troops, and those of the op...

The authenticated encryption scheme COLM is a third-round candidate in the CAESAR competition. Much like its antecedents COPA, ELmE, and ELmD, COLM consists of two parallelizable encryption layers connected by a linear mixing function. While COPA uses plain XOR mixing, ELmE, ELmD, and COLM use a more involved invertible mixing function. In this work, we investigate the integrity of the COLM str...

In this article, we analyse the security of the authenticated encryption mode JAMBU, a submission to the CAESAR competition that remains currently unbroken. We show that the security claims of this candidate regarding its nonce-misuse resistance can be broken. More precisely, we explain a technique to guess in advance a ciphertext block corresponding to a plaintext that has never been queried b...

We present a forgery attack on Prøst-OTR in a related-key setting. Prøst is a family of authenticated encryption algorithms proposed as candidates in the currently ongoing CAESAR competition, and Prøst-OTR is one of the three variants of the Prøst design. The attack exploits how the Prøst permutation is used in an Even-Mansour construction in the Feistel-based OTR mode of operation. Given the c...

ICEPOLE is a family of authenticated encryptions schemes submitted to the ongoing CAESAR competition and in addition presented at CHES 2014. To justify the use of ICEPOLE, or to point out potential weaknesses, third-party cryptanalysis is needed. In this work, we evaluate the resistance of ICEPOLE-128 against forgery attacks. By using differential cryptanalysis, we are able to create forgeries ...

ELmD (Encrypt-Linear mix-Decrypt) is a blockcipher based efficient authenticated encryption scheme, which is nonce misuse resistant, fully pipeline implementable. ELmD is a candidate for CAESAR competition and it has been selected for the second round. In this document, we first consider two versions of ELmDv2.0 (i) ELmD: full 10-round AES encryptiondecryption, no intermediate tag, fixed tag si...