Abstract: The Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR) supported by the National Institute of Standards and Technology (NIST) is an ongoing project calling for submissions of authenticated encryption (AE) schemes. The competition itself aims at enhancing both the design of AE schemes and related analysis. The design goal is to pursue new AE schemes that are more secure than advanced encryption standard with Galois/counter mode (AES-GCM) and can simultaneously achieve three design aspects: security, applicability, and robustness. The competition has a total of three rounds and the last round is approaching the end in 2018. In this survey paper, we first introduce the requirements of the proposed design and the progress of candidate screening in the CAESAR competition. Second, the candidate AE schemes in the final round are classified according to their design structures and encryption modes. Third, comprehensive performance and security evaluations are conducted on these candidates. Finally, the research trends of design and analysis of AE for the future are discussed.

CAESAR竞赛认证加密算法设计分析与安全性评估进展

[1]Abdellatif KM, Chotin-Avot R, Mehrez H, 2017. AES-GCM and AEGIS: efficient and high speed hardware implementations. J Signal Proc Syst, 88(1):1-12.

[2]Agrawal M, Chang D, Sanadhya SK, 2017. A new authenticated encryption technique for handling long ciphertexts in memory constrained devices. Int J Appl Cryptogr, 3(3):236-261.

[3]Al Mahri HQ, Simpson L, Bartlett H, et al., 2016. Tweaking generic OTR to avoid forgery attacks. Proc 6^th Int Conf on Applications and Techniques in Information Security, p.41-53.

[4]Al Mahri HQ, Simpson L, Bartlett H, et al., 2017. A fault-based attack on AEZ v4.2. Proc IEEE Trustcom/BigDataSE/ICESS, p.634-641.

[5]Andreeva E, Bogdanov A, Luykx A, et al., 2015. AES-COPA v.2. CAESAR Submission.

[6]Andreeva E, Bogdanov A, Luykx A, et al., 2016a. AES-COPA v.1. Submission to the CAESAR competition.

[7]Andreeva E, Bogdanov A, Datta N, 2016b. ELmD v2.1. CAESAR Third Round Submission.

[8]Ashur T, Eichlseder M, Lauridsen MM, et al., 2018. Cryptanalysis of MORUS. Int Conf on the Theory and Application of Cryptology and Information Security, p.35-64.

[9]Aumasson JP, Jovanovic P, Neves S, 2014a. Analysis of NORX: investigating differential and rotational properties. Proc 3^rd Int Conf on Cryptology and Information Security in Latin America, p.306-324.

[10]Aumasson JP, Jovanovic P, Neves S, 2014b. NORX: parallel and scalable AEAD. Proc 19^th European Symp on Research in Computer Security, p.19-36.

[11]Aumasson JP, Jovanovic P, Neves S, 2015. NORX v3.0. Submission to CAESAR (2016).

[12]Bagheri N, Huang T, Jia KT, et al., 2016. Cryptanalysis of reduced NORX. Proc 23^rd Int Conf on Fast Software Encryption, p.554-574.

[13]Banik S, Bogdanov A, Minematsu K, 2016. Low-area hardware implementations of CLOC, SILC and AES-OTR. IEEE Int Symp on Hardware Oriented Security and Trust, p.71-74.

[14]Bay A, Ersoy O, Karakocc F, 2016. Universal forgery and key recovery attacks on ELmD authenticated encryption algorithm. Proc 22^nd Int Conf on the Theory and Application of Cryptology and Information Security, p.354-368.

[15]Bellare M, Namprempre C, 2008. Authenticated encryption: relations among notions and analysis of the generic composition paradigm. J Cryptol, 21(4):469-491.

[16]Bellare M, Rogaway P, Wagner D, 2003. A conventional authenticated-encryption mode. Manuscript.

[17]Bellare M, Rogaway P, Spies T, 2010. The FFX mode of operation for format-preserving encryption. NIST Submission.

[18]Berti F, Koeune F, Pereira O, et al., 2016. Leakage-resilient and misuse-resistant authenticated encryption. IACR Cryptology ePrint Archive: Report 2016/996.

[19]Bertoni G, Daemen J, Peeters M, et al., 2011. Duplexing the sponge: single-pass authenticated encryption and other applications. Int Workshop on Selected Areas in Cryptography, p.320-337.

[20]Bertoni G, Daemen J, Peeters M, et al., 2015. Keyak v2. CAESAR Submission.

[21]Berton G, Daemen J, Peeters M, et al., 2016. Ketje v2. CAESAR Submission.

[22]Bhaumik R, Nandi M, 2017. Improved security for OCB3. Proc 23^rd Int Conf on the Theory and Application of Cryptology and Information Security, p.638-666.

[23]Bi WQ, Li Z, Dong XY, et al., 2017. Conditional cube attack on round-reduced River Keyak. Des Code Cryptogr, 86(6):1295-1310.

[24]Biryukov A, Udovenko A, Velichkov V, 2017. Analysis of the NORX Core Permutation. IACR Cryptology ePrint Archive: Report 2017/034.

[25]Bonnetain X, 2017. Quantum key-recovery on full AEZ. Proc 24^th Int Conf on Selected Areas in Cryptography, p.394-406.

[26]Bossuet L, Datta N, Mancillas-López C, et al., 2016. ELmD: a pipelineable authenticated encryption and its hardware implementation. IEEE Trans Comp, 65(11):3318-3331.

[27]Bost R, Sanders O, 2016. Trick or tweak: on the (in)security of OTR’s tweaks. Proc 22^nd Int Conf on the Theory and Application of Cryptology and Information Security, p.333-353.

[28]Chaigneau C, Gilbert H, 2016. Is AEZ v4.1 sufficiently resilient against key-recovery attacks? IACR Trans Symmetr Cryptol, 2016(1):114-133.

[29]Chaigneau C, Thomas F, Gilbert H, 2015. Full key-recovery on ACORN in nonce-reuse and decryption-misuse settings. Posed on the Crypto-Competition Mailing List.

[30]Cid C, Huang T, Peyrin T, et al., 2017. A security analysis of deoxys and its internal tweakable block ciphers. IACR Trans Symmetr Cryptol, 2017(3):73-107.

[31]Clift P, 2014. Hardware Implementation of Offset Codebook Mode3 (OCB3). MS Thesis, California State University, Sacramento, USA.

[32]Dalai DK, Roy D, 2017. A state recovery attack on ACORN-v1 and ACORN-v2. Proc 11^th Int Conf on Network and System Security, p.332-345.

[33]Das S, Maitra S, Meier W, 2015. Higher order differential analysis of NORX. IACR Cryptology ePrint Archive: Report 2015/186.

[34]Deshpande S, Gaj K, 2017. Analysis and inner-round pipelined implementation of selected parallelizable CAESAR competition candidates. Euromicro Conf on Digital System Design, p.274-282.

[35]Dey P, Rohit RS, Adhikari A, 2016a. Full key recovery of ACORN with a single fault. J Inform Secur Appl, 29:57-64.

[36]Dey P, Rohit RS, Sarkar S, et al., 2016b. Differential fault analysis on Tiaoxin and AEGIS family of ciphers. Proc 4^th Int Symp on Security in Computing and Communication, p.74-86.

[37]Dinur I, Morawiecki P, Pieprzyk J, et al., 2015. Cube attacks and cube-attack-like cryptanalysis on the round-reduced Keccak sponge function. Proc 34^th Annual Int Conf on the Theory and Applications of Cryptographic Techniques, p.733-761.

[38]Dobraunig C, Eichlseder M, Korak T, et al., 2016a. Practical fault attacks on authenticated encryption modes for AES. IACR Cryptology ePrint Archive: Report 2016/616.

[39]Dobraunig C, Eichlseder M, Korak T, et al., 2016b. Statistical fault attacks on nonce-based authenticated encryption schemes. Proc 22^nd Int Conf on the Theory and Application of Cryptology and Information Security, p.369-395.

[40]Dobraunig C, Eichlseder M, Mendel F, et al., 2016c. Ascon v1.2. Submission to the CAESAR Competition.

[41]Dobraunig C, Eichlseder M, Mangard S, et al., 2017. ISAP–-towards side-channel secure authenticated encryption. IACR Trans Symmetr Cryptol, 2017(1):80-105.

[42]Dong XY, Li Z, Wang XY, et al., 2017. Cube-like attack on round-reduced initialization of Ketje Sr. IACR Trans Symmetr Cryptol, 2017(1):259-280.

[43]Dwivedi AD, Klouvcek M, Morawiecki P, et al., 2016. SAT-based cryptanalysis of authenticated ciphers from the CAESAR competition. IACR Cryptology ePrint Archive: Report 2016/1053.

[44]Dwivedi AD, Morawiecki P, Wójtowicz S, 2017. Differential and rotational cryptanalysis of round-reduced MORUS. Proc 1422^th Int Joint Conf on e-Business and Telecommunications, p.275-284.

[45]Dwivedi AD, Klouvcek M, Morawiecki P, et al., 2016. SAT-based cryptanalysis of authenticated ciphers from the CAESAR competition. IACR Cryptology ePrint Archive: Report 2016/1053.

[46]Dworkin M, 2016. Recommendation for block cipher modes of operation: methods for format-preserving encryption. NIST Special Publication 800-38G.

[47]Ertaul L, Sravya KL, Sanka N, 2016. Implementation of authenticated encryption algorithm offset code book (OCB). Proc Int Conf on Wireless Networks, p.78-84.

[48]Farahmand F, Diehl W, Abdulgadir A, et al., 2018. Improved lightweight implementations of CAESAR authenticated ciphers. Cryptology ePrint Archive: Report 2018/573.

[49]Forler C, List E, Lucks S, et al., 2017. Reforgeability of authenticated encryption schemes. Proc 22^nd Australasian Conf on Information Security and Privacy, p.19-37.

[50]Fuhr T, Leurent G, Suder V, 2014. Collision attacks against CAESAR candidates. Proc 21^st Int Conf on the Theory and Application of Cryptology and Information Security, p.510-532.

[51]Fuhr T, Naya-Plasencia M, Rotella Y, 2018. State-recovery attacks on modified Ketje Jr. IACR Trans Symmetr Cryptol, 2018(1):29-56.

[52]Gligor VDP, 2016. Extended cipher block chaining encryption. Submission to NIST.

[53]Gligor VD, Donescu P, 2001. Fast encryption and authentication: XCBC encryption and XECB authentication modes. Int Workshop on Fast Software Encryption, p.92-108.

[54]Gross H, Wenger E, Dobraunig C, et al., 2015. Suit up!-Made-to-measure hardware implementations of ASCON. Euromicro Conf on Digital System Design, p.645-652.

[55]Gross H, Wenger E, Dobraunig C, et al., 2017. ASCON hardware implementations and side-channel evaluation. Microprocess Microsyst, 52:470-479.

[56]Halevi S, 2004. EME*: extending EME to handle arbitrary-length messages with associated data. Proc 5^th Int Conf on Cryptology in India, p.315-327.

[57]Halevi S, Rogaway P, 2004. A parallelizable enciphering mode. Cryptographers’ Track at the RSA Conf, p.292-304.

[58]Hellström H, StreamSec H, 2001. Propagating cipher feedback mode. Proc 2^nd NIST Modes of Operation mboxWorkshop.

[59]Hoang VT, Krovetz T, Rogaway P, 2014. AEZ v1: authenticated-encryption by enciphering. CAESAR 1^st Round.

[60]Hoang VT, Krovetz T, Rogaway P, 2015. Robust authenticated-encryption AEZ and the problem that it solves. Proc 34^th Annual Int Conf on the Theory and Applications of Cryptographic Techniques, p.15-44.

[61]Hoang VT, Krovetz T, Rogaway P, 2016. AEZ v4. 2: authenticated encryption by enciphering. CAESAR mboxSubmission.

[62]Huang T, Wu HJ, 2018. Distinguishing attack on NORX permutation. IACR Trans Symmetr Cryptol, 2018(1):57-73.

[63]Hwang S, Lee C, 2015. Padding Oracle attack on block cipher with CBC|CBC-double mode of operation using the BOZ-PAD. J Soc e-Buss Stud, 20(1):89-97.

[64]Iwata T, Minematsu K, Guo J, et al., 2014. SILC: simple lightweight CFB. Submission to the CAESAR mboxCompetition.

[65]Jean J, Nikolić I, Peyrin T, et al., 2016. Deoxys v1.41. Submitted to CAESAR.

[66]Josh RJ, Sarkar S, 2015. Some observations on ACORN v1 and Trivia-SC. Lightweight Cryptography Workshop, p.20-21.

[67]Jovanovic P, Luykx A, Mennink B, 2014. Beyond 2^c/2 security in sponge-based authenticated encryption modes. Proc 20^th Int Conf on the Theory and Application of Cryptology and Information Security, p.85-104.

[68]Jutla CS, 2001. Encryption modes with almost free message integrity. Int Conf on the Theory and Applications of Cryptographic Techniques, p.529-544.

[69]Jutla CS, 2016a. Integrity aware cipher block chaining. Submission to NIST.

[70]Jutla CS, 2016b. Integrity aware parallelizable mode. Submission to NIST.

[71]Kaushal PK, Sobti R, Geetha G, 2012. Random Key Chaining (RKC): AES mode of operation. Int J Appl Inform Syst, 1(5):39-45.

[72]Kohno T, 2003. Carter Wegman (authentication) with Counter (encryption). http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/cwc/cwc-spec.pdf

[73]Kotegawa M, Iwai K, Tanaka H, et al., 2016. Optimization of hardware implementations with high-level synthesis of authenticated encryption. Bull Netw Comput Syst Soft, 5(1):26-33.

[74]Koteshwara S, Das A, Parhi KK, 2017. FPGA implementation and comparison of AES-GCM and Deoxys authenticated encryption schemes. IEEE Int Symp on Circuits and Systems, p.1-4.

[75]Krovetz T, Rogaway P, 2016. OCB (v1.1). https://competitions.cr.yp.to/round3/ocbv11.pdf

[76]Kumar S, Haj-Yahya J, Chattopadhyay A, 2018. Efficient hardware accelerator for NORX authenticated encryption. IEEE Int Symp on Circuits and Systems, p.1-5.

[77]Lafitte F, Lerman L, Markowitch O, et al., 2016. SAT-based cryptanalysis of ACORN. IACR Cryptology ePrint Archive: Report 2016/521.

[78]Li Z, Dong XY, Wang XY, 2017. Conditional cube attack on round-reduced ASCON. IACR Trans Symmetr Cryptol, 2017(1):175-202.

[79]Liskov M, Rivest RL, Wagner D, 2002. Tweakable block ciphers. Proc 22^nd Annual Int Cryptology Conf, p.31-46.

[80]Liskov M, Rivest RL, Wagner D, 2011. Tweakable block ciphers. J Cryptol, 24(3):588-613.

[81]Liu FB, Liu FM, 2017. Universal forgery and key recovery attacks: application to FKS, FKD and Keyak. Cryptology ePrint Archive: Report 2017/691.

[82]Liu MC, Lin DD, 2014. Cryptanalysis of lightweight authenticated cipher ACORN. Posed on the Crypto-Competition Mailing List.

[83]Lu JQ, 2015. On the security of the COPA and marble authenticated encryption algorithms against (almost) universal forgery attack. IACR Cryptology ePrint Archive: Report 2015/079.

[84]Lu JQ, 2017. Almost universal forgery attacks on the COPA and marble authenticated encryption algorithms. Proc ACM Asia Conf on Computer and Communications Security, p.789-799.

[85]Mary DSN, Begum AT, 2017. An algorithm for moderating DoS attack in web based application. Int Conf on Technical Advancements in Computers and Communications, p.26-31.

[86]McGrew D, Viega J, 2004. The Galois/counter mode of operation (GCM). Submission to NIST Modes of Operation Process.

[87]McKay KA, Bassham LE, Turan MS, et al., 2017. Report on lightweight cryptography. NIST.

[88]Mehrdad A, Moazami F, Soleimany H, 2018. Impossible differential cryptanalysis on deoxys-BC-256. Cryptology ePrint Archive, Report 2018/048.

[89]Mennink B, 2017. Weak keys for AEZ, and the external key padding attack. Cryptographers’ Track at the RSA Conf, p.223-237.

[90]Mennink B, Reyhanitabar R, Vizár D, 2015. Security of full-state keyed sponge and duplex: applications to authenticated encryption. Int Conf on the Theory and Application of Cryptology and Information Security, p.465-489.

[91]Meyers M, Daemen J, Batina L, 2017. Side channel protected Keyak on ARM cortex-M4. http://www.cs.ru.nl/bachelors-theses/2017/Martin_Meyers_4497899_Side_channel_protected_Keyak_ on_ARM_Cortex-M4.pdf

[92]Mileva A, Dimitrova V, Velichkov V, 2015. Analysis of the authenticated cipher MORUS (v1). Proc 2^nd Int Conf on Cryptography and Information Security in the Balkans, p.45-59.

[93]Minaud B, 2014. Linear biases in AEGIS keystream. Proc 21^st Int Conf on Selected Areas in Cryptography, p.290-305.

[94]Minematsu K, 2014. Parallelizable rate-1 authenticated encryption from pseudorandom functions. Proc 33^rd Annual Int Conf on the Theory and Applications of Cryptographic Techniques, p.275-292.

[95]Minematsu K, 2016. AES-OTR v3.1. Japan Submission to CAESAR, NEC Corporation.

[96]Minematsu K, Guo J, Kobayashi E, 2016. CLOC and SILC. https://competitions.cr.yp.to/round3/clocsilcv3.pdf

[97]Moise A, Beroset E, Phinney T, et al., 2011. EAX’ Cipher Mode. NIST.

[98]Morawiecki P, Pieprzyk J, Straus M, et al., 2015. Applications of key recovery cube-attack-like. IACR Cryptology ePrint Archive: Report 2015/1009.

[99]Nandi M, 2015. Revisiting security claims of XLS and COPA. IACR Cryptology ePrint Archive: Report 2015/444.

[100]Nikolić I, 2016. Tiaoxin v2.1. CAESAR Third Round Submission.

[101]Pereira O, Standaert FX, Vivek S, 2015. Leakage-resilient authentication and encryption from symmetric cryptographic primitives. Proc 22^nd ACM SIGSAC Conf on Computer and Communications Security, p.96-108.

[102]Peyrin T, Sim SM, Wang L, et al., 2015. Cryptanalysis of JAMBU. Proc 22^nd Int Workshop on Fast Software Encryption, p.264-281.

[103]Pub F, 1980. DES Modes of Operation. https://csrc.nist.gov/publications/detail/fips/81/archive/1980-12-02

[104]Recacha F, 2016. Input and output chaining. Submission to NIST.

[105]Rivain M, Prouff E, 2010. Provably secure higher-order masking of AES. Proc 12^th Int Workshop on Cryptographic Hardware and Embedded Systems, p.413-427.

[106]Rogaway P, 2004. Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC. Proc 10^th Int Conf on the Theory and Application of Cryptology and Information Security, p.16-31.

[107]Rogaway P, 2016. Offset codebook. Submission to NIST.

[108]Rogaway P, Shrimpton T, 2007. The SIV mode of operation for deterministic authenticated-encryption (key wrap) and misuse-resistant nonce-based authenticated-encryption. http://web.cs.ucdavis.edu/$sim$rogaway/papers/siv.pdf

[109]Rogaway P, Bellare M, Black J, et al., 2001. OCB Mode. IACR Cryptology ePrint Archive.

[110]Rott J, 2010. Intel$^circledR$ Advanced Encryption Standard Instructions (AES-NI). Technical Report, Intel.

[111]Roy DB, Chakraborti A, Chang D, et al., 2016. Fault based almost universal forgeries on CLOC and SILC. Proc 6^th Int Conf on Security, Privacy, and Applied Cryptography Engineering, p.66-86.

[112]Roy DB, Chakraborti A, Chang D, et al., 2017. Two efficient fault-based attacks on CLOC and SILC. J Hardw Syst Secur, 1(3):252-268.

[113]Sadeghi H, Alizadeh J, 2014. A forgery attack on AES-OTR.

[114]Salam I, Simpson L, Bartlett H, et al., 2017. Investigating cube attacks on the authenticated encryption stream cipher MORUS. IEEE Trustcom/BigDataSE/ICESS, p.961-966.

[115]Salam I, Al Mahri HQ, Simpson L, et al., 2018a. Fault attacks on Tiaoxin-346. Proc Australasian Computer Science Week Multiconf, Article 5.

[116]Salam I, Simpson L, Bartlett H, et al., 2018b. Fault attacks on the authenticated encryption stream cipher MORUS. Cryptography, 2(1), Article 4.

[117]Salam MI, Bartlett H, Dawson E, et al., 2016a. Investigating cube attacks on the authenticated encryption stream cipher ACORN. Proc 6^th Int Conf on Applications and Techniques in Information Security, p.15-26.

[118]Salam MI, Wong KKH, Bartlett H, et al., 2016b. Finding state collisions in the authenticated encryption stream cipher ACORN. Proc Australasian Computer Science Week Multiconf, Article 36.

[119]Samwel N, Daemen J, 2017. DPA on hardware implementations of Ascon and Keyak. Proc Computing Frontiers Conf, p.415-424.

[120]Sasaki Y, 2018. Improved related-tweakey boomerang attacks on deoxys-BC. Progress in Cryptology-AFRICACRYPT, p.87-106.

[121]Schroeppel RC, Anderson WE, Beaver CL, et al., 2004. Cipher-state (CS) mode of operation for AES. Submission to NIST.

[122]Shi TR, Guan J, Li JZ, et al., 2016. Improved collision cryptanalysis of authenticated cipher MORUS. Proc 2^nd Int Conf on Artificial Intelligence and Industrial Engineering, p.429-432.

[123]Shi TR, Jin CH, Guan J, 2018. Collision attacks against AEZ-PRF for authenticated encryption AEZ. China Commun, 15(2):46-53.

[124]Siddhanti A, Sarkar S, Maitra S, et al., 2017. Differential fault attack on grain v1, ACORN v3 and lizard. Proc 7$^rm th$ Int Conf on Security, Privacy, and Applied Cryptography Engineering, p.247-263.

[125]Song L, Guo J, Shi DP, et al., 2017. New MILP modeling: improved conditional cube attacks on Keccak-based constructions. Cryptology ePrint Archive: Report 2017/1030.

[126]Stoffelen K, 2015. Intrinsic Side-Channel Analysis Resistance and Efficient Masking. MS Thesis, Radboud University, Nijmegen, the Netherlands.

[127]Sun ZL, Wang P, Zhang LT, 2012. Collision attacks on variant of OCB mode and its series. Proc 8^th Int Conf on Information Security and Cryptology, p.216-224.

[128]Unterluggauer T, Werner M, Mangard S, 2018. MEAS: memory encryption and authentication secure against side-channel attacks. J Cryptogr Eng, 2018(1):1-22.

[129]Vaudenay S, Vizár D, 2017. Under pressure: security of Caesar candidates beyond their guarantees. Cryptology ePrint Archive: Report 2017/1147.

[130]Veyrat-Charvillon N, Medwed M, Kerckhof S, et al., 2012. Shuffling against side-channel attacks: a comprehensive study with cautionary note. Proc 18^th Int Conf on the Theory and Application of Cryptology and Information Security, p.740-757.

[131]Wang G, Zhang HY, Liu FM, 2017. Security proof of JAMBU under nonce respecting and nonce misuse cases. Cryptology ePrint Archive: Report 2017/831.

[132]Wang HR, He H, Zhang WZ, 2018. Demadroid: object reference graph-based malware detection in Android. Secur Commun Netw, Article 7 064 131.

[133]Wegman MN, Carter JL, 1981. New hash functions and their use in authentication and set equality. J Comp Syst Sci, 22(3):265-279.

[134]Wetzels J, Bokslag W, 2015. Sponges and engines: an introduction to Keccak and Keyak. http://arxiv.org/abs/1510.02856

[135]Whiting D, Housley R, Ferguson N, 2003. Counter with CBC-MAC (CCM). Network Working Group.

[136]Wu HJ, 2016. ACORN: a lightweight authenticated cipher (v3). Candidate for the CAESAR Competition.

[137]Wu HJ, Huang T, 2014. JAMBU lightweight authenticated encryption mode and AES-JAMBU. CAESAR Competition Proposal.

[138]Wu HJ, Huang T, 2016. The authenticated cipher MORUS (v2). https://competitions.cr.yp.to/round3/morusv2.pdf

[139]Wu HJ, Preneel B, 2013. AEGIS: a fast authenticated encryption algorithm. Proc 20^th Int Conf on Selected Areas in Cryptography, p.185-201.

[140]Xue L, 2016. A Novel Approach for Flexray Protocol with Confidentiality and Authenticity. MS Thesis, National University of Singapore, Singapore.

[141]Yalla P, Kaps JP, 2017. Evaluation of the CAESAR hardware API for lightweight implementations. Int Conf on ReConFigurable Computing and FPGAs (ReConFig), p.1-6.

[142]Zhang P, Guan J, Li JZ, et al., 2015. Research on the confusion and diffusion properties of the initialization of MORUS. J Cryptol Res, 2(6):536-548 (in Chinese).

[143]Zhang P, Wang P, Hu HG, 2016. The INT-RUP security of OCB with intermediate (Parity) checksum. IACR Cryptology ePrint Archive: Report 2016/1059.

[144]Zhang T, Li Q, Zhang CS, et al., 2017. Current trends in the development of intelligent unmanned autonomous systems. Front Inform Technol Electron Eng, 18(1):68-85.

[145]Zhang WZ, Li X, Xiong NX, et al., 2016. Android platform-based individual privacy information protection system. Pers Ubiq Comp, 20(6):875-884.

[146]Zhang XJ, Feng XT, Lin DD, 2017. Fault attack on the authenticated cipher ACORN v2. Secur Commun Netw, Article 3 834 685.

[147]Zhang XJ, Feng XT, Lin DD, 2018. Fault attack on ACORN v3. Comp J, 61(8):1166-1179.