VHDL/Verilog Code of Round 2 CAESAR Candidates

Summary II



Algorithm
Hardware
Group
Variant-Arch
ID
Key/Nonce/Tag
length
Ref. Software
Architecture
AD/Msg
block size
PDI/SDI
width
Authenticated
Encryption
Throughput1
Authenticated
Decryption
Throughput2
Authentication-Only
Throughput3
Completed
Runs4
ACORN
CCRG NTU Singapore v1-1
128/128/128
acorn128v2
8-bit
8/8
8/8
8/T
8/T
8/T
HP & LC
ACORN
CCRG NTU Singapore v1-2
128/128/128
acorn128v2 32-bit
32/32
32/32
32/T
32/T
32/T
HP & LC
AEGIS
CCRG NTU Singapore v1-1
128/128/128
aegis128l
Basic Iterative
256/256
256/64
256/T
256/T
256/T
HP
AES-COPA
CERG GMU v1-1
128/128/128
aescopav2
Basic Iterative 128/128
32/32
128/(11*T)
128/(11*T) 128/(11*T) HP
AES-JAMBU
CCRG NTU Singapore v1-1
96/48/48
simonjambu96v2
Basic Iterative 48/48
48/48
48/(54*T) 48/(54*T) 48/(54*T) HP & LC
AES-OTR
NEC Japan v1-1
128/96/128
aes128otrpv2
Basic Iterative 128/128
32/32
128/(12*T) 128/(12*T) 128/(12*T) HP
AEZ
CERG GMU v1-1
384/96/128
aezv4
Basic Iterative 128/256
64/32
256/(25*T) 256/(25*T) 128/(5*T) HP
Ascon
IAIK TU Graz v1-1
128/128/128
ascon128v11
Basic Iterative 64/64
32/32
64/(6*T) 64/(6*T) 64/(6*T) HP & LC
Ascon
IAIK TU Graz v1-2
128/128/128 ascon128v11 Unrolled x2 64/64 32/32
64/(3*T) 64/(3*T) 64/(3*T) HP & LC
Ascon IAIK TU Graz v1-3
128/128/128 ascon128v11 Unrolled x3 64/64 32/32 64/(2*T) 64/(2*T) 64/(2*T) HP & LC
Ascon IAIK TU Graz v1-4
128/128/128 ascon128v11 Unrolled x6 64/64 32/32 64/T 64/T 64/T only V7
Ascon IAIK TU Graz v2-1
128/128/128 ascon128v11 Basic Iterative 128/128
32/32 128/(8*T)
128/(8*T) 128/(8*T) HP & LC
Ascon IAIK TU Graz v2-2
128/128/128 ascon128v11 Unrolled x2
128/128 32/32 128/(4*T) 128/(4*T) 128/(4*T) HP & LC
Ascon IAIK TU Graz v2-3
128/128/128 ascon128v11 Unrolled x4 128/128 32/32 128/(2*T) 128/(2*T) 128/(2*T) only V7
Ascon CERG GMU v1-1
128/128/128 ascon128v11 Basic Iterative 64/64
32/32
64/(7*T) 64/(7*T) 64/(7*T) HP & LC
Ascon CERG GMU v2-1
128/128/128 ascon128v11 Basic Iterative 128/128
32/32
128/(9*T) 128/(9*T) 128/(9*T) HP & LC
CLOC
CLOC-SILC Team v1-1
128/96/64
aes128n12t8clocv2
Basic Iterative 128/128
32/32
128/(23*T) 128/(23*T) 128/(12*T) HP
CLOC
CERG GMU v1-1
128/96/64
aes128n12t8clocv2 Basic Iterative 128/128
32/32
128/(11*T) 128/(11*T) 128/(11*T) HP
CLOC
CERG GMU v2-1
128/64/64 aes128n8t8clocv2 Basic Iterative 128/128
32/32
128/(11*T) 128/(11*T) 128/(11*T) HP
Deoxys
Axel & Marc v1-1
NR-128-128
128/64/128
deoxysneq128128v13
Basic Iterative 128/128
128/128
128/(20*T)
--
128/(19*T) HP
Deoxys
Axel & Marc v2-1
NR-256-128
256/64/128
deoxysneq256128v13 Basic Iterative 128/128
128/256
128/(22*T) --
128/(21*T) HP
Deoxys
Axel & Marc v3-1
NMR-128-128
128/128/128
deoxyseq128128v13 Basic Iterative 128/128 128/128
128/(39*T) --
128/(19*T) HP
Deoxys
Axel & Marc v4-1
NMR-256-128
256/128/128
deoxysneq256128v13 Basic Iterative 128/128 128/256
128/(43*T) --
128/(21*T)
HP
Deoxys
CERG GMU v1-1
NR-128-128
128/64/128
deoxysneq128128v13 Basic Iterative 128/128 32/32
128/(29*T)
128/(29*T) 128/(29*T) HP
Deoxys CERG GMU v1-2
NR-128-128
128/64/128 deoxysneq128128v13 Basic iterative
with speculative
pre-computation
128/128
32/32
128/(15*T) 128/(15*T) 128/(15*T) HP
ELmD
Lab Hubert Curien,
St. Etienne
v1-1
elmd1000
128/64/128
elmd1000v1
Basic Iterative 128/128
64/64
128/(10*T) 128/(10*T) 128/(10*T) HP
ELmD
Lab Hubert Curien,
St. Etienne
v2-1
elmd101270
128/64/128 elmd101270v2
Folded /2h
128/128
64/64
128/(10*T) 128/(10*T) 128/(10*T) HP
HS1-SIV
DS Radboud University Nijmegen v1-1
256/96/128
hs1sivv2
Basic Iterative
64/64




HS1-SIV
CERG GMU v1-1
128/96/128
hs1sivv2 Basic Iterative 512/512 128/32
512/(41*T) 512/(25*T) 512/(25*T) HP
ICEPOLE
CERG GMU v1-1
128/128/128
icepole128av1
Basic Iterative 1024/1024
256/32
1024/(7*T) 1024/(7*T) 1024/(7*T) HP
Joltik
Axel & Marc v1-1
NR-128-64
128/32/64
joltikneq12864v13 Basic Iterative 64/64
64/128
64/(38*T) --
64/(37*T) HP
Joltik Axel & Marc v2-1
NR-64-64
64/32/64
joltikneq6464v13 Basic Iterative 64/64
64/64
64/(30*T) --
64/(29*T) HP
Joltik Axel & Marc v3-1
NMR-128-64
128/64/64
joltikeq12864v13 Basic Iterative 64/64
64/128
64/(75*T) --
64/(37*T) HP
Joltik Axel & Marc v4-1
NMR-64-64
64/64/64
joltikeq6464v13 Basic Iterative 64/64
64/64
64/(59*T) --
64/(29*T) HP
Joltik CERG GMU v1-1
NR-128-64
128/32/64
joltikneq12864v13 Basic Iterative 64/64
32/32
64/(65*T)
64/(65*T) 64/(65*T) HP & LC
Joltik
CERG GMU v1-2
NR-128-64
128/32/64 joltikneq12864v13 Basic iterative
with speculative
pre-computation
64/64
32/32
64/(33*T) 64/(33*T) 64/(33*T) HP & LC
Ketje
Ketje-Keyak Team v1-1
KetjeSr
128/128/128
ketjesrv2
Basic Iterative 32/32
32/32
32/T
32/T 32/T HP & LC
Ketje
Ketje-Keyak Team v2-1
KetjeJr
96/64/64
ketjejrv2
Basic Iterative 32/32
32/32
32/(2*T) 32/(2*T) 32/(2*T) HP & LC
Keyak
Ketje-Keyak Team v1-1
LakeKeyak
128/128/128
lakekeyakv2
Basic Iterative 1344/1344
32/32
1344/(12*T)
1344/(12*T) 1344/(12*T) HP
Keyak
Ketje-Keyak Team v2-1
RiverKeyak
128/128/128
riverkeyakv2
Basic Iterative 544/544
32/32
544/(12*T) 544/(12*T) 544/(12*T) HP
Minalpher
Minalpher Team v1-1
128/104/128
minalpherv1
Basic Iterative 256/256
32/32
256/(39*T)
256/(39*T) 256/(39*T) HP
Minalpher
CERG GMU v1-1
128/96/128
minalpherv1 Basic Iterative 256/256
32/32
256/(19*T) 256/(19*T) 256/(19*T) HP
MORUS
CCRG NTU Singapore v1-1
128/128/128
morus1280128v1
Basic Iterative 256/256
256/64
256/T
256/T 256/T HP
NORX
ISL ETH Zurich v1-1
256/128/256
norx6441v2
Basic Iterative 768/768
768/-
768/(4*T) 768/(4*T) 768/(4*T)
NORX
CERG GMU v1-1
256/128/256 norx6441v2 Basic Iterative 768/768
256/32
768/(4*T)
768/(4*T) 768/(4*T) HP
NORX CERG GMU v2-1
128/64/128 norx3241v2 Basic Iterative 384/384
128/32
384/(4*T) 384/(4*T) 384/(4*T) HP
NORX CERG GMU v3-1
256/128/256 norx6461v2 Basic Iterative 768/768
256/32
768/(6*T) 768/(6*T) 768/(6*T) HP
NORX CERG GMU v4-1
128/64/128 norx3261v2 Basic Iterative 384/384
128/32
384/(6*T) 384/(6*T) 384/(6*T) HP
OCB
CERG GMU v1-1
128/96/128
aeadaes128ocbtaglen128v1
Basic Iterative 128/128
32/32
128/(12*T)
128/(12*T) 128/(12*T) HP
OMD
CERG GMU v1-1
128/96/128 omdsha256k128n96tau128v2 Basic Iterative 512/256
32/32
256/(66*T)
256/(66*T) 256/(33*T) HP
PAEQ
CERG GMU v1-1
128/96/128
paeq128
Basic Iterative 240/368 32/32 368/(21*T) 368/(21*T) 240/(21*T) HP
Pi-Cipher
Pi-Cipher Team v1-2
Pi16-Cipher096
96/32/128 pi16cipher096v2
Iterative
128/128
16/16
128/(1782*T)
128/(1782*T) 128/(1782*T) V6 only
Pi-Cipher Pi-Cipher Team v2-2
Pi32-Cipher128
128/128/256
pi32cipher128v2
Iterative 256/256
32/32
256/(1782*T) 256/(1782*T) 256/(1782*T) HP (except V7)
Pi-Cipher Pi-Cipher Team v4-2
Pi64-Cipher256
256/128/512
pi64cipher256v2
Iterative 512/512
64/64
512/(1782*T) 512/(1782*T) 512/(1782*T) HP (except V7)
Pi-Cipher CERG GMU v2-1
Pi32-Cipher128
128/128/256 pi32cipher128v2
Folded /4(v) 128/128
128/32
256/(25*T)
256/(25*T) 256/(25*T) HP
Pi-Cipher CERG GMU v3-1
Pi64-Cipher128
128/128/512
pi64cipher128v2
Folded /4(v) 256/256
256/32
512/(25*T) 512/(25*T) 512/(25*T) HP (except V7)
Pi-Cipher CERG GMU v4-1
Pi64-Cipher256
256/128/512
pi64cipher256v2
Folded /4(v) 256/256
256/32
512/(25*T) 512/(25*T) 512/(25*T) HP
POET
EmSec RUB
v1-1
128/128/128

Basic iterative
128/128
128/128
128/(12*T)
128/(12*T)
128/(12*T) HP
POET
CERG GMU v1-1
128/128/128
aes128poetv2aes4ls0lt0
Basic Iterative 128/128
32/32
128/(10*T)
128/(10*T) 128/(10*T) HP
PRIMATEs
GIBBON
CERG GMU v1-1
120/120/120
primatesv1gibbon120
Basic Iterative 40/40
40/40
40/(7*T)
40/(7*T) 40/(7*T) HP & LC
PRIMATEs
GIBBON
CERG GMU v2-1
80/80/80
primatesv1gibbon80 Basic Iterative 40/40
40/40
40/(7*T) 40/(7*T) 40/(7*T) HP & LC
PRIMATEs
HANUMAN
CERG GMU v1-1
120/120/120
primatesv1hanuman120 Basic Iterative 40/40
40/40
40/(13*T) 40/(13*T) 40/(13*T) HP & LC
PRIMATEs
HANUMAN
CERG GMU v2-1
80/80/80
primatesv1hanuman80 Basic Iterative 40/40
40/40
40/(13*T) 40/(13*T) 40/(13*T) HP & LC
SCREAM
CG UCL, INRIA v1-1
128/88/128
scream10v3 Basic Iterative 128/128
128/-
128/(21*T) 128/(21*T) 128/(21*T) HP & LC
SCREAM CG UCL, INRIA v1-2
128/88/128
scream10v3 Unrolled x2
128/128
128-
128/(11*T) 128/(11*T) 128/(11*T) HP & LC
SCREAM CERG GMU v1-1
128/88/128 scream10v3
Basic Iterative 128/128
32/32
128/(21*T)
128/(21*T) 128/(21*T) HP & LC
SCREAM CERG GMU v1-2
128/88/128 scream10v3 Unrolled x2
128/128
32/32
128/(11*T) 128/(11*T) 128/(11*T) HP & LC
SHELL
Shanghai Jiao Tong University, China v1-1
128/80/128
shellaes128v2d4n80
Basic Iterative 128/128
32/32
128/(4*T)
128/(3*T) 128/(3*T) HP
SILC
CLOC-SILC Team v1-1
128/96/64
aes128n12t8silcv2
Basic Iterative 128/128
32/32
128/(23*T) 128/(23*T) 128/(12*T) HP
STRIBOB
CERG GMU v1-1
w/ miniboxes
192/128/128
stribob192r2
Basic Iterative 256/256
32/32
256/(13*T) 256/(13*T) 256/(13*T) HP
STRIBOB
CERG GMU v1-2
w/o miniboxes
192/128/128
stribob192r2 Basic Iterative 256/256
32/32
256/(13*T) 256/(13*T) 256/(13*T) HP
TriviA-ck
Lab Hubert Curien,
St. Etienne
v1-1
128/64/128
trivia0v2
Basic Iterative 64/64
64/64 64/T 64/T 64/T HP & LC
TriviA-ck
Lab Hubert Curien,
St. Etienne
v2-1
128/64/128
trivia128v2 Basic Iterative 64/64
64/64
64/T 64/T 64/T HP & LC
TriviA-ck
CERG GMU v1-1
128/96/128
trivia0v2 Basic Iterative 64/64
64/32
64/T
64/T 64/T HP












AES-GCM
CERG GMU v1-1
128/96/128
aes128gcmv1
Basic Iterative 128/128
32/32
128/(11*T) 128/(11*T) 128/(11*T) HP

  1. Authenticated Encryption Throughput is expressed using the formula:  <message block size>/(<#clock cycles per block>*T). This formula describes  the circuit performance most accurately for long messsags. T is the minimum clock period after placing & routing, different for each algorithm.
  2. Authenticated Decryption Throughput is expressed using the formula:  <ciphertext block size>/(<#clock cycles per block>*T). This formula describes the circuit performance most accurately for long ciphertexts. T is the minimum clock period after placing & routing, different for each algorithm.
  3. Authentication-Only Throughput is expressed using the formula:  <AD block size>/(<#clock cycles per block>*T). This formula describes the circuit performance most accurately for long AD. T is the minimum clock period after placing & routing, different for each algorithm.
  4. In the Completed Runs column, HP represents completed benchmarking using four High-Performance FPGA families: Virtex-6, Virtex-7, Stratix IV and Stratix V; LC represents completed benchmarking using four Low-Cost FPGA families: Spartan-6, Artix-7, Cyclone IV, and Cyclone V.