Authenticated encryption is an important part of information security. Whenever two parties communicate over a network, an authenticated encryption algorithm should be used to provide both privacy and authentication of the data. In most applications, there is not much value in keeping the data secret if it is not authenticated. Authenticated encryption provides a single solution that offers both confidential and authenticated communication. Example applications that rely on authenticated encryption include SSL/TLS, hard disk encryption, and SSH. These are widely used to provide secure and authenticated storage of data or communication over the Internet.
Unfortunately, providing both confidentiality and authenticity of information is not a trivial task. Many authenticated encryption schemes have been broken or used wrongly, which has resulted in security flaws in the applications built on top of them. While ciphers and hash functions have received a great deal of attention from the cryptographic community due to such high-profile competitions as NIST's AES and SHA-3 competitions, as well as ECRYPT's eSTREAM project, authenticated encryption schemes and message authentication codes have arguably been less popular among researchers. This project will contribute to the state-of-the-art research in the design and analysis of authenticated encryption algorithms. This effort is shared with the cryptographic community, which started the CAESAR competition to find better next-generation authenticated encryption schemes.
The first goal of the project is to analyze already established authenticated encryption schemes (e.g. AES-GCM, AES-CCM) to get a good view of their security margin. This will result in better and more adequate requirements for design principles of authenticated ciphers. The second goal is to design our own authenticated encryption algorithm for submission to the CAESAR competition. The third goal of the project is to extend the research to authenticated encryption algorithms of the upcoming competition. Given the novelty of most of these new designs, extensive external cryptanalysis will be needed to achieve a clear understanding of their security margin and to get new insights into these designs. Clearly, they should not be used in applications until there has been sufficient independent analysis. With enough cryptanalysis, a portfolio of next-generation authenticated encryption algorithms should be ready for use by the public at the end of the CAESAR project.