If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!
Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.
<p><strong>CAESAR</strong> is the <strong>C</strong>ompetition for <strong>A</strong>uthenticated <strong>E</strong>ncryption: <strong>S</strong>ecurity, <strong>A</strong>pplicapility, and
<strong>R</strong>obustness, and the latest crypto contest after AES, eSTREAM, SHA-3, and PHC. CAESAR aims to identify a portfolio of authenticated encryption (AE) schemes with support for associated data (AD). Compared to ciphers like AES-CBC or Salsa20, protects not only confidentiality, but also authenticity and integrity of the processed data. Before we give an introduction to CAESAR, we present the motivations behind the competition, like the importance to protect in-transit data, a lack of reliable AE(AD) standards or the repeated crypto failures in recent history that led, for example, to the cracking of WEP (aircrackng), and to attacks on (D)TLS, like BEAST and Lucky13.</p>
<p>In the second part, we talk about <strong>NORX</strong>, our CAESAR candidate: NORX is a user-oriented cipher, engineered to take advantage of modern CPUs and to scale to different levels of parallelism. NORX relies on trusted building blocks, adapted to meet our design goals:
<li>the sponge construction (as used in Keccak/SHA-3) is tuned to provide parallel processing</li>
<li>the core of NORX is inspired by the ciphers Salsa20 and ChaCha (by DJB), and the hash function BLAKE(2) (by Aumasson et al.)</li>
We explain how we selected NORX's operations and parameters to achieve maximized security and efficiency in both soft- and hardware. We also report on detailed benchmark results showing that NORX is among the fastest CAESAR candidates on various platforms, from ARM and x86 to ASICs. For example, on Intel's Haswell microarchitecture, NORX achieves 2.51 cycles per byte (more than 1 gigabyte per second), exploiting local parallelism provided by AVX2 instructions.</p>