We present the Deoxys family of authenticated encryption schemes, which consists of Deoxys-I and Deoxys-II. Both are nonce-based authenticated encryption schemes with associated data and have either 128- or 256-bit keys. Deoxys-I is similar to OCB: It is single-pass but insecure when nonces are repeated; in contrast, Deoxys-II is nonce-misuse resistant. Deoxys-II was selected as first choice in the final portfolio of the CAESAR competition for the defense-in-depth category. Deoxys uses a new family of tweakable block ciphers as internal primitive, Deoxys-TBC, which follows the TWEAKEY framework (Jean, Nikolić, and Peyrin, ASIACRYPT 2014) and relies on the AES round function. Our benchmarks indicate that Deoxys does not sacrifice efficiency for security and performs very well both in software (e.g., Deoxys-I efficiency is similar to AES-GCM) and hardware.

我们介绍了Deoxys系列的认证加密方案，它由Deoxys-I和Deoxys-II 组成。两者都是具有关联数据的基于随机数的认证加密方案，并且具有 128 位或 256 位密钥。Deoxys-I与OCB类似：它是单通的，但在重复随机数时不安全；相比之下，Deoxys-II是抗随机数误用的。Deoxys-II被选为 CAESAR纵深防御类竞赛最终作品集的首选。Deoxys使用一个新的可调整分组密码系列作为内部原语Deoxys-TBC，它遵循TWEAKEY框架（Jean、Nikolić 和 Peyrin，ASIACRYPT 2014）并依赖于AES轮函数。我们的基准测试表明，Deoxys并没有为了安全而牺牲效率，并且在软件（例如，Deoxys-I 的效率类似于AES-GCM）和硬件方面的表现都非常出色。