From Syllab
Jump to: navigation, search

KIASU is authenticated encryption scheme based on the first ad-hoc tweakable AES used in two modes. It was designed by Jérémy Jean, Ivica Nikolić and Thomas Peyrin.



The ad-hoc tweakable AES is produced from AES by adding 64-bit tweak T to the first two rows of the state of AES in each round (i.e. AddRoundKey is replaced by AddRoundKey & AddTweak).


  • The tweakable block cipher provides 128-bit security (including related-key related-tweak attacks). The first mode greatly benefits from this as the security of the whole modes goes beyond birthday bound. The second might benefit as well (conjecture).
  • Speed overhead compared to AES is minimal. The two modes are based on parallel calls of AES, thus are extremelly efficient in software.
  • Easy to implement given AES code. Backwards compatible with AES (set tweak=0). Security reduction of the tweakable cipher to the security of AES.


The design is fast in software in general and very fast on the processors with AES-NI support.

Speed on AES-NI enabled Intel
Intel Sandy Bridge Intel Haswell
128 256 512 1024 2048 4096 128 256 512 1024 2048 4096
KIASU = 5.42 2.93 2.45 2.27 2.07 1.98 1.81 1.59 1.48 1.44 1.40 1.39
KIASU=\= 1.41 1.21 1.11 1.06 1.03 1.02 0.97 0.84 0.78 0.76 0.75 0.74


The revised (April 2, 2014) document can be found here. The first version of the submission document can be found here.