Computer Security - ESORICS 2014

Volume 8713 of the series Lecture Notes in Computer Science pp 19-36

NORX: Parallel and Scalable AEAD

  • Jean-Philippe AumassonAffiliated withKudelski Security
  • , Philipp JovanovicAffiliated withUniversity of Passau
  • , Samuel NevesAffiliated withUniversity of Coimbra

* Final gross prices may vary according to local VAT.

Get Access


This paper introduces NORX, a novel authenticated encryption scheme supporting arbitrary parallelism degree and based on ARX primitives, yet not using modular additions. NORX has a unique parallel architecture based on the monkeyDuplex construction, with an original domain separation scheme for a simple processing of header, payload and trailer data. Furthermore, NORX specifies a dedicated datagram to facilitate interoperability and avoid users the trouble of defining custom encoding and signalling. NORX was optimized for efficiency in both software and hardware, with a SIMD-friendly core, almost byte-aligned rotations, no secret-dependent memory lookups, and only bitwise operations. On a Haswell processor, a serial version of NORX runs at 2.51 cycles per byte. Simulations of a hardware architecture for 180 nm UMC ASIC give a throughput of approximately 10Gbps at 125MHz.


authenticated encryption stream cipher cryptographic sponges