The AEGIS Family of Authenticated Encryption Algorithms
draft-irtf-cfrg-aegis-aead-18

Document summary
This document defines the AEGIS family of the AES-based authenticated encryption algorithms, namely AEGIS-128L, AEGIS-256, AEGIS-128X, and AEGIS-256X algorithms.
These algorithms are designed for high-performance applications and can additionally be used as stream ciphers and MAC functions.
The document contains necessary information for implementers, as well as operational and security considerations.
AEGIS provides not only the security in the standard nonce-respecting setting, but also committing security and multi-user security.
AEGIS can potentially be used in the TLS, DTLS, QUIC protocols.
This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF.

Research Group Summary
The document was adopted by CFRG in August 2022.
Crypto Review Panel review was solicited in September 2024. The review was provided by Scott Fluhrer. Comments from that review were addressed in -13.
There was a Research Group Last Call for the draft in 2024 (November-December). There were no major concerns raised during the RGLC.
A number of minor concerns raised during the RGLC were addressed by the authors in -14, no comments were left unprocessed.

Document quality
There are at least 26 publicly available software implementations in Zig, C, Rust, JavaScript etc.
There are at least two hardware implementations: the RTL VHDL [2] and SystemVerilog [3] implementations.
A list of known implementations and integrations can be found at [1].

One IPR disclosure [4] was submitted to the IETF Secretariat. It was agreed that the IPR doesn't apply to the draft-irtf-cfrg-aegis-aead. This IPR can be applied only if auxiliary information for controling the order of message blocks is appended before the encryption.

Personnel
Stanislav Smyshlyaev is the Document Shepherd.
Dirk Kutscher is the IRTF Chair.


[1] https://github.com/cfrg/draft-irtf-cfrg-aegis-aead?tab=readme-ov-file
[2] https://cryptography.gmu.edu/athena/index.php?id=CAESAR_source_codes
[3] https://github.com/aymanaadel/AEGIS256_UVM_Verification
[4] https://datatracker.ietf.org/ipr/6590/

Document summary
This document defines the AEGIS family of the AES-based authenticated encryption algorithms, namely AEGIS-128L, AEGIS-256, AEGIS-128X, and AEGIS-256X algorithms.
These algorithms are designed for high-performance applications and can additionally be used as stream ciphers and MAC functions.
The document contains necessary information for implementers, as well as operational and security considerations.
AEGIS provides not only the security in the standard nonce-respecting setting, but also committing security and multi-user security.
AEGIS can potentially be used in the TLS, DTLS, QUIC protocols.
This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF.

Research Group Summary
The document was adopted by CFRG in August 2022.
Crypto Review Panel review was solicited in September 2024. The review was provided by Scott Fluhrer. Comments from that review were addressed in -13.
There was a Research Group Last Call for the draft in 2024 (November-December). There were no major concerns raised during the RGLC.
A number of minor concerns raised during the RGLC were addressed by the authors in -14, no comments were left unprocessed.

Document quality
There are at least 26 publicly available software implementations in Zig, C, Rust, JavaScript etc.
There are at least two hardware implementations: the RTL VHDL [2] and SystemVerilog [3] implementations.
A list of known implementations and integrations can be found at [1].

One IPR disclosure [4] was submitted to the IETF Secretariat. It was agreed that the IPR doesn't apply to the draft-irtf-cfrg-aegis-aead. This IPR can be applied only if auxiliary information for controling the order of message blocks is appended before the encryption.

Personnel
Stanislav Smyshlyaev is the Document Shepherd.
Colin Perkins is the IRTF Chair.


[1] https://github.com/cfrg/draft-irtf-cfrg-aegis-aead?tab=readme-ov-file
[2] https://cryptography.gmu.edu/athena/index.php?id=CAESAR_source_codes
[3] https://github.com/aymanaadel/AEGIS256_UVM_Verification
[4] https://datatracker.ietf.org/ipr/6590/