Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


Flexible Authenticated Encryption

October 4, 2023


Sanketh Menda - Cornell Tech


We define and build a new type of AEAD scheme that we call flexible. Flexibility is intended as an answer to the growing list of desired security and performance features for future AEAD standards. Rather than a scheme per requirement, we offer a single scheme that flexibly incorporates multiple requirements, yet in a unified, systematic, and performance-optimal way. Mandatory for our definition are to provide classic unique-nonce AE security and, importantly and more novel, context commitment; then additionally to allow keys and nonces of arbitrary length. Beyond this, the scheme is configurable through an application-chosen input called a configuration. Via this input, one says what further or advanced security or performance attributes one wants; for example, misuse resistance, nonce-hiding, preservation of length, or parallelizability. The choice can be made dynamically and the scheme will provide the chosen set of attributes without changing the key. In providing a flexible scheme, we take a clean-slate approach. Our Flex scheme is built from a single permutation. Our implementations show that, for each configuration, the performance of Flex is competitive with that of current, dedicated schemes that directly and only provide the features named in that particular configuration.

Presented at

The Third NIST Workshop on Block Cipher Modes of Operation

Event Details


    National Cybersecurity Center of Excellence (NCCoE)
    9700 Great Seneca Highway
    Rockville, MD 20850

Related Topics

Security and Privacy: encryption

Created October 04, 2023, Updated October 05, 2023