Our new paper 1, 2, 3, Fork: Counter Mode Variants based on a Generalized Forkcipher was published at FSE 2021.

We present an efficiency comparison of GCTR (generalized counter mode) using ForkSkinny (MFC with s=2) with the traditional CTR and the more recent CTRT modes, both instantiated with the SKINNY TBC. Our estimations show that any GCTR variant with ForkSkinny can achieve an efficiency advantage of over 20% for moderately long messages, illustrating that the use of an efficient MFC with s≥2 brings a clear speed-up.

Our results show that many of the GCTR variants achieve from well beyond birthday bound (BBB) to full n-bit security under nonce respecting adversaries and some even BBB and close to full n-bit security in the face of realistic nonce misuse conditions.