C3Subtitles: 31c3: CAESAR and NORX

CAESAR and NORX

Developing the Future of Authenticated Encryption


Video duration
01:01:04
Language
English
Abstract
"Nearly all of the symmetric encryption modes you learned about in school, textbooks, and Wikipedia are (potentially) insecure." -- Matthew Green

In recent history, we have seen time and again failures (some of them catastrophic) of cryptographic constructions for authenticated encryption (AE), caused by bad design choices, implementation errors and a lack of reliable standards. After an introduction providing some background information on these topics, we present CAESAR, a new cryptographic competition which aims to find solutions to the problems mentioned above. In the second part of the talk, we introduce NORX, a new, next-generation AE scheme and our candidate for CAESAR.

<div style="width:600px">
<p><strong>CAESAR</strong> is the <strong>C</strong>ompetition for <strong>A</strong>uthenticated <strong>E</strong>ncryption: <strong>S</strong>ecurity, <strong>A</strong>pplicability, and
<strong>R</strong>obustness, and the latest crypto contest after AES, eSTREAM, SHA-3, and PHC. CAESAR aims to identify a portfolio of authenticated encryption (AE) schemes with support for associated data (AD). Compared to ciphers like AES-CBC or Salsa20, an AE scheme protects not only the confidentiality, but also the authenticity and integrity of the processed data. Before we give an introduction to CAESAR, we present the motivations behind the competition, such as the importance of protecting in-transit data, the lack of reliable AE(AD) standards, and the repeated crypto failures in recent history that led, for example, to the cracking of WEP (aircrack-ng) and to attacks on (D)TLS, like BEAST and Lucky13.</p>

<p>In the second part, we talk about <strong>NORX</strong>, our CAESAR candidate: NORX is a user-oriented cipher, engineered to take advantage of modern CPUs and to scale to different levels of parallelism. NORX relies on trusted building blocks, adapted to meet our design goals:
<ul>
<li>the sponge construction (as used in Keccak/SHA-3) is tuned to provide parallel processing</li>
<li>the core of NORX is inspired by the ciphers Salsa20 and ChaCha (by DJB), and the hash function BLAKE(2) (by Aumasson et al.)</li>
</ul>
We explain how we selected NORX's operations and parameters to maximize security and efficiency in both software and hardware. We also report on detailed benchmark results showing that NORX is among the fastest CAESAR candidates on various platforms, from ARM and x86 to ASICs. For example, on Intel's Haswell microarchitecture, NORX achieves 2.51 cycles per byte (more than 1 gigabyte per second), exploiting local parallelism provided by AVX2 instructions.</p>
</div>

Talk ID
6137
Event:
31c3
Day
3
Room
Saal G
Start
4 p.m.
Duration
01:00:00
Track
Science
Type of
lecture
Speaker
Philipp Jovanovic
aumasson