Authenticated encryption (AE) is one of the most important cryptographic tools in use today, providing security for numerous Internet protocols and applications. For example, it is used underneath the HTTPS, IPSec, and SSH protocols to protect Internet communication, the WPA2 protocol for Wi-Fi connections, and Netflix’s MSL streaming protocol. Yet there have been numerous attacks on real-world AE implementations and standards, because of misuse that the conventional AE security model doesn’t capture. In this talk, I will present Robust AE, a strong security model that allows compliant schemes to (i) resist many common types of misuse and (ii) have better usability for format-constrained protocols (such as disk encryption or legacy protocols) or resource-constrained settings (such as sensor networks or the Internet of Things). Robust AE has a fast instantiation AEZ, which is one of the 29 round-2 candidates in the ongoing standardization contest Caesar, and is distinguished by being the notionally strongest submission.

Viet Tung Hoang is a postdoc at UC Santa Barbara, working in practice-oriented cryptography. Before coming to UCSB, he graduated from UC Davis in 2013, and then held postdoc positions at UC San Diego and University of Maryland.