Multi-user Security of the Elephant v2 Authenticated Encryption Mode

Tim Beyne, Yu Long Chen, Christoph Erwin Dobraunig*, Bart Mennink

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review


One of the finalists in the NIST Lightweight Cryptography competition is Elephant v2, a parallelizable, permutation-based authenticated encryption scheme. The original first/second-round submission Elephant v1/v1.1 was proven secure against nonce-respecting adversaries in the single-user setting. For the final round, the mode has undergone certain subtle modifications, the most important one being a change in the authentication portion of the mode. These changes require a new dedicated security proof. In this work, we prove the security of the Elephant v2 mode. First of all, our proof shows that Elephant v2 is indeed a secure authenticated encryption scheme and that its security against nonce-respecting adversaries is on par with that of Elephant v1/v1.1. In addition, our security analysis is in the multi-user setting and demonstrates that Elephant v2 fares well if multiple devices use Elephant v2 with independent keys. Moreover, our proof shows that Elephant v2 even ensures authenticity under nonce misuse.

Original language: English
Title of host publication: Selected Areas in Cryptography - 28th International Conference, Revised Selected Papers
Subtitle of host publication: SAC 2021
Editors: Riham AlTawy, Andreas Hülsing
Place of Publication: Cham
Number of pages: 24
ISBN (Electronic): 978-303099276-7
ISBN (Print): 9783030992767
Publication status: Published - 2022
Externally published: Yes
Event: 28th International Conference on Selected Areas in Cryptography: SAC 2021 - Virtual, Canada
Duration: 29 Sept 2021 → 1 Oct 2021

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer Verlag
ISSN (Print): 0302-9743


Conference: 28th International Conference on Selected Areas in Cryptography
Abbreviated title: SAC 2021


  • Authenticated encryption
  • Elephant
  • Lightweight
  • Multi-user security
  • Nonce-misuse

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
