SAEAES is a lightweight authenticated encryption algorithm.


SAEAES is a family of authenticated encryption algorithm developed by Mitsubishi Electric Corporation and The University of Electro-Communications, and submitted to Lightweight Cryptography Project by National Institute of Standards and Technology (NIST).



SAEAES is based on SAEB, which is a mode of operation that extends a block cipher into authenticated encryption that provides both confidentiality and integrity of a message. SAEAES is an instantiation of SAEB with the standard block cipher AES. The name SAEAES is named by replacing the B for block cipher with AES.


AES is the NIST standard block cipher. Because of the intensive use of AES, more and more platforms have hardware accelerators for AES. Major CPUs such as x86 and ARM have special instructions for accelerating AES. Besides, many microcontrollers, used in embedded systems like automotive ECUs and smartcards, have AES co-processors. SAEAES enjoys the benefit of these hardware accelerators as an algorithm based on AES.


SAEB is a lightweight block cipher-based authenticated encryption explicitly designed to provide excellent performances in platforms with limited computational resources. SAEB can be realized with smaller memory footprint in software implementations and with smaller circuit area in hardware implementations.


SAEB follows the sponge-based design methodology but uses a block cipher instead of a permutation. Five features that make SAEB suitable for lightweight implementations.

  1. Minimum internal state size: no additional state is needed on top of the ones within the block cipher.
  2. Inverse free: block cipher decryption is not used.
  3. XOR only: the additional operation other than block cipher encryption is XOR only.
  4. Online: an incoming message is scanned only once (rate 1).
  5. Efficient static AD handling: the result of the hash can be reused for another message with the same AD.


  1. Y. Naito, M. Matsui, T. Sugawara, and D. Suzuki, “SAEB: A Lightweight Blockcipher-Based AEAD Mode of Operation,” IACR Trans. Cryptographic Hardware and Embedded Systems 2018(2): 192-217 (2018), PDF.
  2. Y. Naito, M. Matsui, T. Sugawara, and D. Suzuki, “SAEB: A Lightweight Blockcipher-Based AEAD Mode of Operation,” Cryptology ePrint Archive, Report 2019/700, 2019 PDF.
  3. NIST Lightweight Cryptography Project link
  4. NIST, “Status Report on the First Round of the NIST Lightweight Cryptography Standardization Process,” NISTIR 8268, 2019 PDF.