Today, we stand at a point where countless devices communicate over publicly accessible networks. A basic need in such a scenario is that messages exchanged between two communicating parties (usually named Alice and Bob) are kept confidential and authentic. In this context, confidentiality means that no one except Alice and Bob should be able to read the message, and authenticity means that any alteration of the sent message, whether malicious or unintentional, can be detected. Both goals can be achieved by using authenticated encryption (AE).
AE fulfills a crucial need because, for most applications that we use every day, there is not much value in just ensuring that a message is kept confidential. This includes applications with a purely private purpose like instant messaging, but also commercial applications like e-commerce or online banking.
Due to its practical importance, AE is a very active research topic with a steady stream of new ideas and new designs. So the big question is: which of the many proposed designs is secure? At the moment, the answer to this question is cryptanalysis. During cryptanalysis, researchers try to find ways to attack the scheme itself, but also weakened versions of it. In this way, insight into the security of the designs grows over the years. This leaves us with another question: which of the secure designs should be used in practice?
In symmetric cryptography, one useful answer is public and open cryptographic competitions. Here, researchers from all over the world submit their best designs and scrutinize the other submissions. Examples of such competitions are the ongoing CAESAR competition and the NIST lightweight call, both searching for AE schemes.
In this project, we want to advance the state of the art in AE. We do this by further scrutinizing the security of the AE scheme Ascon. Ascon, which we co-designed, is one of the seven (out of 57) finalists of CAESAR. Furthermore, the research into the security of Ascon should lead to a submission to the NIST lightweight call.
We also plan to analyze other design ideas, like parallel permutation-based cryptography or schemes that are resilient against certain classes of side-channel attacks. Analysis of such schemes allows for a better quantification of their strengths and weaknesses, which in turn leads to a better understanding of the design of AE schemes that can potentially be used in further refinements of existing schemes, or even new designs.