AEGIS: High-Speed Authenticated Encryption
Study the AEGIS family of AEAD ciphers designed for maximum throughput on modern hardware.
AEGIS Design Goals
AEGIS was designed specifically to exploit AES-NI hardware acceleration to the maximum, achieving throughput that significantly exceeds AES-GCM on modern CPUs. It was submitted to the CAESAR competition and later standardized in an IETF draft for use in TLS and QUIC.
AEGIS Variants
AEGIS comes in two primary variants: AEGIS-128 (128-bit key, 128-bit nonce) and AEGIS-256 (256-bit key, 256-bit nonce). Both provide 128-bit or 256-bit authentication tags respectively. AEGIS-128L is an optimized variant designed to exploit wider AES-NI pipeline parallelism on modern processors.
All lessons in this course
- Why Encrypt-Then-MAC Beats MAC-Then-Encrypt
- SIV Mode: Nonce-Misuse Resistant AEAD
- AEGIS: High-Speed Authenticated Encryption
- Selecting AEAD for Production Systems