IT Security plays an increasingly crucial role in our everyday life and business. Virtually all modern security solutions are based on cryptographic primitives. Symmetric cryptography deals with the case where both the sender and the receiver of a message are using the same key. Due to their good performance, symmetric cryptosystems are the main workhorses of cryptography and are highly relevant not only for academia, but also for industrial activities. For this Dagstuhl Seminar we plan to focus on several topics, which we believe to be of great importance for the research community and, likewise, to have a positive impact on industry and the deployment of secure crypto in the future.

Follow Up on Main Results from Last Dagstuhl Seminar. At the last Dagstuhl Seminar on symmetric cryptography in 2022, the participants were divided into six groups in order to discuss research topics proposed by each participant. The discussions were very productive and there were and will be publications from several groups. We believe that the discussions and results from these 2022 work groups reflect the main interests of the community and are useful topics to continue to discuss at the Dagstuhl Seminar in 2024. Our plan is to ask participants at the 2024 Dagstuhl Seminar that also participated in the work groups in 2022 to present their finished results. We additionally expect this to lead to further discussions and, without a doubt, to new research ideas.

Evaluation of NIST's Lightweight Recommendations. The US National Institute of Standards and Technology (NIST) acknowledged in 2013 the real-world importance of lightweight cryptography and announced an initiative for standardization. They have been running a public competition since 2018 to determine a standard technology for lightweight cryptography (NIST LWC). At the time of the Dagstuhl Seminar in 2024, NIST will have determined the winner(s) of the competition, and it is expected that the standardized algorithms are implemented in many environments. In such cases, besides the theoretical security of cryptographic algorithms, it is necessary to consider practical security such as nonce-misuse resistance, reuse of unverified plaintext, leakage resilience, and so on. In the Dagstuhl Seminar in 2024, we will focus on these issues, as well as continue to challenge their security through cryptanalysis.

Design and Analysis of Symmetric Crypto for New Applications. Recently, the design of symmetric-key primitives has started to focus on different types of optimization. Those optimizations could be with respect to performance and with respect to special security requirements. Stated differently, one first considers a target application (such as multi-party computation or non-interactive zero-knowledge proofs), and only then designs symmetric-key primitives for this purpose. This causes a paradigm shift in design criteria. In this seminar, we will explore the security of recently introduced ciphers that were designed specifically for such target applications, and develop novel ciphers with improved security arguments and guarantees.

Generic Analysis of Emerging Modes. Permutation-based cryptography has gained astounding popularity in the last decade, and security proofs are performed in the ideal permutation model. A similar phenomenon is visible in various ideal cipher-based constructions that have appeared recently. In this seminar, we want to explore how results with different models (such as a standard model and an ideal model) compare from a theoretical perspective, and we want to investigate what cryptanalytical results on certain primitives mean for the targeted construction.

Seminar Structure. We plan to organize research groups before the commencement of the actual seminar in January 2024 to make the seminar itself more productive. We expect the colleagues that will join the seminar to be fully committed to proposing topics for the research groups and to participating in them. We plan to have a first day of invited talks related to these selected research topics. We will also schedule talks spread over the remaining days to get the opportunity to catch up with what the other researchers are working on.

Creative Commons BY 4.0

Christof Beierle, Bart Mennink, Maria Naya-Plasencia, and Yu Sasaki

• Zahra Ahmadian (Shahid Beheshti University - Tehran, IR)
• Subhadeep Banik (University of Lugano, CH)
• Zhenzhen Bao (Tsinghua University - Beijing, CN)
• Christof Beierle (Ruhr-Universität Bochum, DE) [dblp]
• Yanis Belkheyar (Radboud University Nijmegen, NL)
• Ritam Bhaumik (EPFL - Lausanne, CH)
• Christina Boura (University of Versailles, FR)
• Anne Canteaut (INRIA - Paris, FR) [dblp]
• Patrick Derbez (University of Rennes, FR)
• Christoph Dobraunig (Intel - Villach, AT) [dblp]
• Orr Dunkelman (University of Haifa, IL) [dblp]
• Avijit Dutta (TCG CREST - Kolkata, IN)
• Maria Eichlseder (TU Graz, AT) [dblp]
• Patrick Felke (Hochschule Emden/Leer, DE)
• Henri Gilbert (ANSSI - Paris, FR) [dblp]
• Lorenzo Grassi (Ruhr-Universität Bochum, DE) [dblp]
• Rachelle Heim Boissier (University of Versailles, FR)
• Akiko Inoue (NEC - Kawasaki, JP)
• Ryoma Ito (NICT - Tokyo, JP)
• Tetsu Iwata (Nagoya University, JP) [dblp]
• Ashwin Jha (Ruhr-Universität Bochum, DE)
• Antoine Joux (CISPA - Saarbrücken, DE) [dblp]
• Virginie Lallemand (LORIA - Nancy, FR) [dblp]
• Nils Gregor Leander (Ruhr-Universität Bochum, DE) [dblp]
• Charlotte Lefevre (Radboud University Nijmegen, NL)
• Gaëtan Leurent (INRIA - Paris, FR) [dblp]
• Willi Meier (FH Nordwestschweiz - Windisch, CH) [dblp]
• Bart Mennink (Radboud University Nijmegen, NL) [dblp]
• Kazuhiko Minematsu (NEC - Kawasaki, JP) [dblp]
• Mridul Nandi (Indian Statistical Institute - Kolkata, IN) [dblp]
• Maria Naya-Plasencia (INRIA - Paris, FR) [dblp]
• Patrick Neumann (Ruhr-Universität Bochum, DE)
• Léo Perrin (INRIA - Paris, FR) [dblp]
• Bart Preneel (KU Leuven, BE) [dblp]
• Shahram Rasoolzadeh (Radboud University Nijmegen, NL)
• Christian Rechberger (TU Graz, AT) [dblp]
• Yann Rotella (University of Versailles, FR)
• Sondre Rønjom (University of Bergen, NO)
• Dhiman Saha (Indian Institute of Technology Bhilai - Durg, IN)
• Yu Sasaki (NTT - Tokyo, JP) [dblp]
• Ferdinand Sibleyras (NTT - Tokyo, JP)
• Meltem Sonmez Turan (NIST - Gaithersburg, US)
• Siwei Sun (University of Chinese Academy of Sciences, CN)
• Stefano Tessaro (University of Washington - Seattle, US) [dblp]
• Aishwarya Thiruvengadam (Indian Institute of Techology Madras, IN)
• Tyge Tiessen (Technical University of Denmark - Lyngby, DK) [dblp]
• Yosuke Todo (NTT - Tokyo, JP) [dblp]
• Aleksei Udovenko (University of Luxembourg, LU) [dblp]
• Qingju Wang (University of Luxembourg, LU) [dblp]