Authenticated Encryption: CAESAR Round 2

The crypto community likes algorithm competitions. It gives us a chance to practice all sorts of skills: design, cryptanalysis, implementation, and standardization. Maybe even soft skills too like collaboration and communication. I’ll also half-jokingly comment it helps the field self-sustain: make, publish, implement, publish, break, publish, repeat 🙂

Authenticated Encryption (AE) is an algorithm that provides confidentiality, integrity, and authenticity of data. It’s a fundamental building block for technologies like TLS. Currently, AES-GCM is the only approved algorithm in NSA’s unclassified Suite B, making it basically the only choice for US governmental and NATO commercial, off-the-shelf information processing.

With so few standardized choices out there, a new competition is currently under way in the crypto community — Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR). First round submissions were due 15 Mar 2014 — 57 candidates.

And this is where the TUT connection comes in: I had a small part in the design of candidate STRIBOB. Over the summer, I brought in main designer Markku-Juhani O. Saarinen for post-doc work. One of the main goals for his time at TUT was to continue the design work, and prepare the updated specification in the event that STRIBOB progressed to the second round of competition.


This year, on 07 Jul, the decision came that 30 candidates progressed to round 2. I’m happy to announce that STRIBOB is among these remaining candidates, and that the work paid off.


CAESAR round 3 decisions won’t be made until well into 2016, but round 2 is an important milestone itself — at this point, I’m happy to just have a horse in the race 🙂

This entry was posted in news, research and tagged , . Bookmark the permalink.