Multi-user Security of the Elephant v2 Authenticated Encryption Mode

Abstract

One of the finalists in the NIST Lightweight Cryptography competition is Elephant v2, a parallelizable, permutation-based authenticated encryption scheme. The original first/second-round submission Elephant v1/v1.1 was proven secure against nonce-respecting adversaries in the single-user setting. For the final round, the mode has undergone certain subtle modifications, the most important one being a change in the authentication portion of the mode. These changes require a new dedicated security proof.

In this work, we prove the security of the Elephant v2 mode. First of all, our proof shows that Elephant v2 is indeed a secure authenticated encryption scheme and that its security against nonce-respecting adversaries is on par with that of Elephant v1/v1.1. In addition, our security analysis is in the multi-user setting and demonstrates that Elephant v2 fares well if multiple devices use Elephant v2 with independent keys. Moreover, our proof shows that Elephant v2 even ensures authenticity under nonce misuse.