Deoxys is authenticated encryption scheme based on a 128-bit lightweight ad-hoc tweakable block cipher. It may be used in to modes to handle nonce-respecting users or nonce-reusing user.
The ad-hoc tweakable block cipher is an AES-based instantiation of the more general so-called TWEAKEY framework.
- Deoxys achieves good software performances for software implementations (less than a cycle per byte on recent processors).
- Deoxys has a good security margin for all the recommended parameters.
- Deoxys is very easy to analyze
- Deoxys can be lightweight. First estimations show that Deoxys can be implemented in hardware in around 4600-5600 GE.
- Deoxys provides full 128-bit security for both privacy and authenticity.
- Deoxys behaves very good for small messages.
- T. Peyrin and Y. Seurin, "Counter-in-Tweak: Authenticated Encryption Modes for Tweakable Block Ciphers", CRYPTO 2016
- J. Jean, I. Nikolić, T. Peyrin, "Tweaks and Keys for Block Ciphers: the TWEAKEY Framework" - ASIACRYPT 2014
The last version of the document (October 12, 2016) can be found here.