New Results and Insights on ForkAE

In this work we summarize, discuss and interpret the recent advances in security analysis and optimized SW and HW implementations of the NIST second round lightweight authenticated encryption candidate ForkAE.

We highlight the most important comparisons in the recent ForkAE results, discuss their conclusions and illustrate our interpretation of these results with further use cases. While ForkAE with the Fork Skinny primitive is designed with efficiency for short messages in mind, when the underlying primitive Fork Skinny is used in the recent modes of operation RPAEF and GCTR the performance is also improved for the longer messages for authenticated encryption and encryption, respectively. 

Regarding security, we bring evidence that ForkAE provides stronger security guarantees than originally claimed, and can thus also be classified as a ‘defense-in-depth’ candidate. More precisely, ForkAE provides well-defined nonce misuse resistance MNR guarantees in its sequential SAEF mode of operation.