AEZ
Robust Authenticated Encryption


!Warning!   Bug in AEZ spec – Correction Pending – 2017.03.08

AEZ is an authenticated-encryption (AE) scheme optimized for ease of correct use (“AE made EZ”). It was invented by Viet Tung Hoang, Ted Krovetz, and Phillip Rogaway. The algorithm encrypts a plaintext by appending to it a fixed authentication block (some zero bits) and then enciphering the resulting string with an arbitrary-input-length blockcipher, this tweaked by the nonce, AD, and authenticator length. The approach results in strong security and usability properties, including nonce-reuse misuse resistance, automatic exploitation of decryption-verified redundancy, and arbitrary, user-selectable length expansion. AEZ is parallelizable and its computational cost is roughly that of OCB. On recent Intel processors, AEZ runs at about 0.7 cpb.

AEZ is one of many CAESAR submissions. The AE Zoo provides an alternative enumeration of all submitted specimens.


A top-level representation of AEZ


Rogaway’s homepage