Consider implementing Aegis

[paulmillr]

Aegis is AES-based cipher present in linux, zig, libsodium: https://doc.libsodium.org/secret-key_cryptography/aead/aegis-256

Reasons to add: https://crypto.stackexchange.com/a/106125

Reasons not to add: unpopular

[paulmillr]

https://csrc.nist.gov/csrc/media/Presentations/2023/proposal-for-standardization-of-encryption-schemes/images-media/sess-4-mattsson-bcm-workshop-2023.pdf

mentions "We think NIST should standardize AEGIS" because it supports plaintexts up to 2EiB instead of AES-GCM 64GiB