Nonce-Misuse Resilience of Romulus-N and GIFT-COFB.

Nonce-misuse resilience (NMRL) security of Romulus-N and GIFT-COFB is analysed, the two finalists of NIST Lightweight Cryptography project for standardising lightweight authenticated encryption. NMRL, introduced by Ashur et al. at CRYPTO 2017, is a relaxed security notion from a stronger, nonce-misuse resistance notion. The authors have proved that Romulus-N and GIFT- COFB have nonce-misuse resilience. For Romulus-N, the perfect privacy (NMRL-PRIV) and n/2-bit authenticity (NMRL-AUTH) with graceful degradation with respect to nonce repetition are showed. For GIFT-COFB, n/4-bit security for both NMRL-PRIV and NMRL-AUTH notions is showed.