Authenticated encryption (AE) is a cryptographic construction that simultaneously protects
confidentiality and integrity. A considerable amount of research has been devoted to the …

The Sancus security architecture for networked embedded devices was proposed in 2013 at
the USENIX Security conference. It supports remote (even third-party) software installation …

Scenarios in which authenticated encryption schemes output decrypted plaintext before
successful verification raise many security issues. These situations are sometimes …

A popular approach to tweakable blockcipher design is via masking, where a certain
primitive (a blockcipher or a permutation) is preceded and followed by an easy-to-compute …

The Sponge function is known to achieve 2 c/2 security, where c is its capacity. This bound
was carried over to keyed variants of the function, such as SpongeWrap, to achieve a min {2 …

Since the first demonstration of fault attacks by Boneh et al. on RSA, a multitude of fault
attack techniques on various cryptosystems have been proposed. Most of these techniques …

A definition of online authenticated-encryption (OAE), call it OAE1, was given by
Fleischmann, Forler, and Lucks (2012). It has become a popular definitional target because …

Embedded devices in the Internet of Things (IoT) face a wide variety of security challenges.
For example, software attackers perform code injection and code-reuse attacks on their …

In this work, we perform an extensive investigation and construct a portfolio of S-boxes
suitable for secure lightweight implementations, which aligns well with the ongoing NIST …

Side-channel attacks, especially differential power analysis (DPA), pose a serious threat to
cryptographic implementations deployed in a malicious environment. One way to counter …