From Syllab
Jump to: navigation, search

Deoxys is authenticated encryption scheme based on a 128-bit lightweight ad-hoc tweakable block cipher. It may be used in to modes to handle nonce-respecting users or nonce-reusing user.

It has been designed by Jérémy Jean, Ivica Nikolić, Thomas Peyrin and Yannick Seurin.



The ad-hoc tweakable block cipher is an AES-based instantiation of the more general so-called TWEAKEY framework.


  • Deoxys achieves good software performances for software implementations (less than a cycle per byte on recent processors).
  • Deoxys has a good security margin for all the recommended parameters.
  • Deoxys is very easy to analyze
  • Deoxys can be lightweight. First estimations show that Deoxys can be implemented in hardware in around 4600-5600 GE.
  • Deoxys provides full 128-bit security for both privacy and authenticity.
  • Deoxys behaves very good for small messages.

Related articles

  • T. Peyrin and Y. Seurin, "Counter-in-Tweak: Authenticated Encryption Modes for Tweakable Block Ciphers", CRYPTO 2016
  • J. Jean, I. Nikolić, T. Peyrin, "Tweaks and Keys for Block Ciphers: the TWEAKEY Framework" - ASIACRYPT 2014


The last version of the document (October 12, 2016) can be found here.