Provably secure and efficient cryptography

Cryptography underpins the security of digital systems. Symmetric cryptography secures the bulk of data in use today due to its efficiency advantages (over its asymmetric counterpart). This makes designing symmetric algorithms an important task towards securing our systems.

Provably secure and efficient designs

Secure cryptographic functions are built upon solid theoretical foundations and supported by mathematical proofs and cryptanalysis. In our group we continuously develop and improve the theoretical security models and frameworks to reflect contemporary design applications. We support our designs with proofs of security and apply cryptanalysis to test the design strength against various attack scenarios and to verify the tightness of the delivered security bounds. Efficiency of cryptographic functions has different meanings depending on the target application, and varies from throughput to number of addition or multiplication operations. We aim at developing cryptographic functions optimized for specific applications.

For classical systems and small devices

Encryption, authentication (MACs) and authenticated encryption (AE) symmetric schemes secure classical systems for data in transit and at rest. We are co-designers of:

  • COLM authenticated encryption - a finalist in the defense in depth category in the CAESAR AE competition, that comes with high provable security guarantees and is fitted for parallel processing.
  • PRIMATEs (APE, Hanuman, Gibbon) - lightweight and parallel authenticated encryption family.
  • Forkcipher - an expanding symmetric primitive. Its ForkSkinny instance is used for ForkAE authenticated encryption - a Round 2 NIST lightweight cryptography qualifier. ForkAE offers efficiency both for very short messages (PAEF and SAEF) and for longer messages (rPAEF). Forkcipher is also used to build highly secure and efficient counter mode (CTR)-style of encryption called GCTR.
  • Butterknife - highly efficiency and secure, fully parallelizable expanding primitive (pseudorandom expanding function) based on the AES tweakable block cipher Deoxys. Butterknife can be used to build highly efficient, parallelizable, and n-bit (for n-bit cipher inputs) secure deterministic authenticated encryption schemes, such as SAFE and ZAFE.

For privacy-preserving systems

The privacy-preserving cryptographic technologies of multi-party computation, homomorphic encryption, and zero-knowledge proofs, including their popular applications, such as blockchains and cryptocurrencies, require the adoption of symmetric cryptography with specific and distinct efficiency and security requirements. We develop optimized designs like:

  • Hash functions and the ABR tree hashing - an optimally efficient tree hash function for collision security.
  • Ciphers, encryption and authenticated encryption suitable for IoT, MPC, FHE and combined application scenarios.

If you are interested in learning more and collaborating or have questions, reach out to Prof. Elena Andreeva . If you are a student who wants to write your bsc/msc thesis with us, please write a mail to with a subject: provably secure and efficient cryptography