CAESAR: Competition for Authenticated Encryption: Security, Applicability, and Robustness

CAESAR finalists announced

Ciphers that are suitable for hardware-constrained applications (e.g., IoT). Low-cost implementation (in custom hardware or microcontrollers) prioritized over performance.
Finalists: ACORN, Ascon

Ciphers that are designed to perform fast on modern general purpose computers. Improved replacements for AES-GCM and ChaCha20/Poly1305.
Finalists: AEGIS, MORUS, OCB

Prioritizes security over performance. Notably, both of the finalists for this use case are nonce misuse-resistant.
Finalists: COLM, Deoxys-II

competitions.cr.yp.to/caesar-submissions.html
Discuss.

Attached: DXjF1zCX0AArgXw.jpg large.jpg (2048x1536, 258.34K)

Other urls found in this thread:

en.wikipedia.org/wiki/Authenticated_encryption
cryptopp.com/wiki/Authenticated_encryption
keccak.team/sponge_duplex.html
github.com/pvial00
twitter.com/AnonBabble

I don't know what any of these standards are. And are these standards free-as-in-freedom?

CAESAR (Competition for Authenticated Encryption: Security, Applicability, and Robustness) will identify a portfolio of authenticated ciphers that (1) offer advantages over AES-GCM and (2) are suitable for widespread adoption. Cryptographic algorithm designers are invited to submit proposals of authenticated ciphers to CAESAR. All proposals will be made public for evaluation.
CAESAR is run by the international cryptologic research community. The University of Illinois at Chicago applied to NIST for funding for a "Cryptographic competitions" grant, and is using some of this funding to support CAESAR benchmarking and the Directions in Authenticated Ciphers workshop series.

Thanks for sharing, OP

This makes me sad. What the fuck is COLM and Deoxys-II???? How can they be better than Keccak????
Oh I see now.

they will sell his families organs to the jews if he doesn't win

...

Can we please ban multiple question marks in a row niggers?

XDDDDDDDDDDDDD
ebin, dude

Isn't AES and ChaCha20 theoretically unbreakable? Well, I mean there indeed was an attack that on AES that was more efficient than simply bruteforcing it but I mean was it so bad that it warrants the replacement of the encryption algorithm? What about my GPG encrypted backups online, are they bust?

Yea afaik the main symmetric key crypto systems are both in practice and theoretically sound vs the things like RSA and ECC which have big theoretical holes.

AES is difficult to implement securely. Not every CPU has AES-NI.
ChaCha20 is only a stream cipher. If you want authenticated encryption you have to couple it with a MAC algorithm.
The reason for this competition isn't that AES/ChaCha20 are insecure (they are very secure if used correctly). The reason for this compettion is to find algorithms that perform authenticated encryption in one pass while being easier to implement than AES-GCM.

What does authenticated mean here? So they are just looking for algorithms that allow prevention of information leaks through side channel attacks like spectre?

Things like a sha256 for a MAC

en.wikipedia.org/wiki/Authenticated_encryption

cryptopp.com/wiki/Authenticated_encryption

Fucking AES trash won for defense in depth. What a fucking joke.
I suggest that you read the attached PDF and this: keccak.team/sponge_duplex.html

Bernstein is the number one cryptographer of all time. His word is practically gospel to cryptographers, and for good reason, he's a mega-brain. Fuck off with your Zig Forums shit

Great appeal to authority, m8.
Please quote what part of my message is Zig Forums???
Bernstein is still assmad because Cubehash was rejected so now he has it in for Keccak. That is also why he made Gimli. Pathetic dwarf.

Also LMAO at this. He is good but hardly the best.

I'm not appealing to authority, but stating that he *is* the authority. I'm appealing to the fact he's an authority *for a reason*.

The way you contributed nothing useful but pointed out his name (which coincidentally ends in -stein) gave that impression.

I am not agreeing or disagreeing with you but you cannot attempt to refute one man's statement of who the best is without providing your own alternative. Someone must be the best, for the other one to not be the best.

Who is the best?

Triggered Bernstein fanboy spotted.
(You)

I can and I did.
But here is my alternative: github.com/pvial00
I have no argument as to why he is the best but neither does have one.

You're asking for knowledge on the best cryptographers? Don't you mean the best alive?

I seem to recall a time when the best cryptographers were murdered by the alphabets.

Don't insult their memories assholes.

y no skein/threefish?