NORX: Parallel and Scalable AEAD

  • Jean-Philippe Aumasson
  • Philipp Jovanovic
  • Samuel Neves
Conference paper

DOI: 10.1007/978-3-319-11212-1_2

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8713)
Cite this paper as:
Aumasson JP., Jovanovic P., Neves S. (2014) NORX: Parallel and Scalable AEAD. In: Kutyłowski M., Vaidya J. (eds) Computer Security - ESORICS 2014. ESORICS 2014. Lecture Notes in Computer Science, vol 8713. Springer, Cham


This paper introduces NORX, a novel authenticated encryption scheme supporting arbitrary parallelism degree and based on ARX primitives, yet not using modular additions. NORX has a unique parallel architecture based on the monkeyDuplex construction, with an original domain separation scheme for a simple processing of header, payload and trailer data. Furthermore, NORX specifies a dedicated datagram to facilitate interoperability and avoid users the trouble of defining custom encoding and signalling. NORX was optimized for efficiency in both software and hardware, with a SIMD-friendly core, almost byte-aligned rotations, no secret-dependent memory lookups, and only bitwise operations. On a Haswell processor, a serial version of NORX runs at 2.51 cycles per byte. Simulations of a hardware architecture for 180 nm UMC ASIC give a throughput of approximately 10Gbps at 125MHz.


authenticated encryption stream cipher cryptographic sponges 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Jean-Philippe Aumasson
    • 1
  • Philipp Jovanovic
    • 2
  • Samuel Neves
    • 3
  1. 1.Kudelski SecuritySwitzerland
  2. 2.University of PassauGermany
  3. 3.University of CoimbraPortugal

Personalised recommendations