The Deoxys

Authenticated Encryption

** NEWS ** : Deoxys-II has been selected as first choice for the "in-depth security" portfolio of the CAESAR competition

Deoxys is an authenticated encryption scheme based on a 128-bit lightweight ad-hoc tweakable block cipher. It may be used in two modes to handle nonce-respecting users (Deoxys-I) or nonce-reusing user (Deoxys-II).

It has been designed by Jérémy Jean, Ivica Nikolić, Thomas Peyrin and Yannick Seurin.

News

  • (February 2019) Deoxys-II has been selected as winner for the "in-depth security" portfolio of the CAESAR competition for authenticated encryption
  • (March 2018) Deoxys-II has been selected as finalist of the CAESAR competition for authenticated encryption
  • (October 2017) Optimised FPGA implementations of Deoxys, ePrint
  • (July 2017) Optimised software implementations of Deoxys, available in the latest SUPERCOP package
  • (August 2016) Deoxys has been selected as 3rd round candidate of the CAESAR competition for authenticated encryption
  • (July 2015) Deoxys has been selected as 2nd round candidate of the CAESAR competition for authenticated encryption
  • (March 2014) Deoxys has been submitted to the CAESAR competition for authenticated encryption

Features

  • Deoxys achieves very good performances for software implementations (less than a cycle per byte on AES-NI enabled processors)
  • Deoxys provides full 128-bit security for both privacy and authenticity
  • Deoxys has a nonce-misuse mode, Deoxys-II, that resists scenarios where the nonce is reused by the user
  • Deoxys has a good security margin for all the recommended parameters
  • Deoxys is very easy to analyze
  • Deoxys can be lightweight and behaves very good for small messages
  • Deoxys internal primitive is an ad-hoc AES-based tweakable block cipher, an instantiation of the more general so-called TWEAKEY framework

Downloads and implementations

The last version of the Deoxys document, presentation slides, reference and table implementations, test vectors can be found below. You can also find some more Deoxys-II implementations on Oasis Labs' GitHub repository (JavaScript, Rust, Go )

Related articles