Dagstuhl Seminar 24041
Symmetric Cryptography
(Jan 21 – Jan 26, 2024)
Organizers
- Christof Beierle (Ruhr-Universität Bochum, DE)
- Bart Mennink (Radboud University Nijmegen, NL)
- Maria Naya-Plasencia (INRIA - Paris, FR)
- Yu Sasaki (NTT - Tokyo, JP)
Contact
- Michael Gerke (for scientific matters)
- Simone Schilke (for administrative matters)
IT Security plays an increasingly crucial role in our everyday life and business. Virtually all modern security solutions are based on cryptographic primitives. Symmetric cryptography deals with the case where both the sender and the receiver of a message are using the same key. Due to their good performance, symmetric cryptosystems are the main workhorses of cryptography and are highly relevant not only for academia, but also for industrial activities. For this Dagstuhl Seminar we focused on several topics, which we believe to be of great importance for the research community and, likewise, to have a positive impact on industry and the deployment of secure crypto in the future.
Follow Up on Main Results from Last Dagstuhl Seminar. At the last Dagstuhl Seminar on symmetric cryptography in 2022, the participants were divided into six groups in order to discuss research topics proposed by each participant. The discussions were very productive and there were and will be publications from several groups. We believe that the discussions and results from these 2022 work groups reflect the main interests of the community and are useful topics to continue to discuss at the Dagstuhl Seminar in 2024. Participants at the 2024 Dagstuhl Seminar who also participated in the work groups in 2022 were thus invited to present their finished results.
Design and Analysis of Symmetric Crypto for New Applications. Recently, the design of symmetric-key primitives has started to focus on different types of optimization. Those optimizations could be with respect to performance and with respect to special security requirements. Stated differently, one first considers a target application (such as multi-party computation or non-interactive zero-knowledge proofs), and only then designs symmetric-key primitives for this purpose. This causes a paradigm shift in design criteria. During this seminar, we explored the security of recently introduced ciphers that were designed specifically for such target applications, and developed novel ciphers with improved security arguments and guarantees.
Generic Analysis of Emerging Modes. Permutation-based cryptography has gained astounding popularity in the last decade, and security proofs are performed in the ideal permutation model. A similar phenomenon is visible in various ideal cipher-based constructions that have appeared recently. In this seminar, we explored how results with different models (such as a standard model and an ideal model) compare from a theoretical perspective, and investigated what cryptanalytical results on certain primitives mean for the targeted construction.
Seminar Program
The seminar program consisted of short presentations and group meetings. Presentations were about the above topics and other relevant areas of symmetric cryptography, including state-of-the-art cryptanalytic techniques and new designs. The list of abstracts for talks given during the seminar can be found below. Also, participants met in smaller groups and spent a significant portion of the week, each group intensively discussing a specific research topic. There were seven research groups:
- Cryptanalysis of Poseidon;
- Cryptanalysis of TEA-3;
- Exploitation of the wrong key randomization hypothesis non-conformity in key recovery attacks;
- Cryptanalysis of SCARF;
- Differential cryptanalysis and more;
- Key control security;
- Security of sponge combiners.
On the last day of the week the leaders of each group gave brief summaries of achievements. An abstract corresponding to each research group can be found in the full report. Some teams continued working on the topic after the seminar and started new research collaborations.
IT Security plays an increasingly crucial role in our everyday life and business. Virtually all modern security solutions are based on cryptographic primitives. Symmetric cryptography deals with the case where both the sender and the receiver of a message are using the same key. Due to their good performance, symmetric cryptosystems are the main workhorses of cryptography and are highly relevant not only for academia, but also for industrial activities. For this Dagstuhl Seminar we plan to focus on several topics, which we believe to be of great importance for the research community and, likewise, to have a positive impact on industry and the deployment of secure crypto in the future.
Follow Up on Main Results from Last Dagstuhl Seminar. At the last Dagstuhl Seminar on symmetric cryptography in 2022, the participants were divided into six groups in order to discuss research topics proposed by each participant. The discussions were very productive and there were and will be publications from several groups. We believe that the discussions and results from these 2022 work groups reflect the main interests of the community and are useful topics to continue to discuss at the Dagstuhl Seminar in 2024. Our plan is to ask participants at the 2024 Dagstuhl Seminar who also participated in the work groups in 2022 to present their finished results. We additionally expect this to lead to further discussions and, without a doubt, to new research ideas.
Evaluation of NIST's Lightweight Recommendations. The US National Institute of Standards and Technology (NIST) acknowledged in 2013 the real-world importance of lightweight cryptography and announced an initiative for standardization. They have been running a public competition since 2018 to determine a standard technology for lightweight cryptography (NIST LWC). At the time of the Dagstuhl Seminar in 2024, NIST will have determined the winner(s) of the competition, and it is expected that the standardized algorithms are implemented in many environments. In such cases, besides the theoretical security of cryptographic algorithms, it is necessary to consider practical security such as nonce-misuse resistance, reuse of unverified plaintext, leakage resilience, and so on. In the Dagstuhl Seminar in 2024, we will focus on these issues, as well as continue to challenge their security through cryptanalysis.
Design and Analysis of Symmetric Crypto for New Applications. Recently, the design of symmetric-key primitives has started to focus on different types of optimization. Those optimizations could be with respect to performance and with respect to special security requirements. Stated differently, one first considers a target application (such as multi-party computation or non-interactive zero-knowledge proofs), and only then designs symmetric-key primitives for this purpose. This causes a paradigm shift in design criteria. In this seminar, we will explore the security of recently introduced ciphers that were designed specifically for such target applications, and develop novel ciphers with improved security arguments and guarantees.
Generic Analysis of Emerging Modes. Permutation-based cryptography has gained astounding popularity in the last decade, and security proofs are performed in the ideal permutation model. A similar phenomenon is visible in various ideal cipher-based constructions that have appeared recently. In this seminar, we want to explore how results with different models (such as a standard model and an ideal model) compare from a theoretical perspective, and we want to investigate what cryptanalytical results on certain primitives mean for the targeted construction.
Seminar Structure. We plan to organize research groups before the commencement of the actual seminar in January 2024 to make the seminar itself more productive. We expect the colleagues that will join the seminar to be fully committed to proposing topics for the research groups and to participating in them. We plan to have a first day of invited talks related to these selected research topics. We will also schedule talks spread over the remaining days to get the opportunity to catch up with what the other researchers are working on.
Participants
- Zahra Ahmadian (Shahid Beheshti University - Tehran, IR)
- Subhadeep Banik (University of Lugano, CH)
- Zhenzhen Bao (Tsinghua University - Beijing, CN)
- Christof Beierle (Ruhr-Universität Bochum, DE)
- Yanis Belkheyar (Radboud University Nijmegen, NL)
- Ritam Bhaumik (EPFL - Lausanne, CH)
- Christina Boura (University of Versailles, FR)
- Anne Canteaut (INRIA - Paris, FR)
- Patrick Derbez (University of Rennes, FR)
- Christoph Dobraunig (Intel - Villach, AT)
- Orr Dunkelman (University of Haifa, IL)
- Avijit Dutta (TCG CREST - Kolkata, IN)
- Maria Eichlseder (TU Graz, AT)
- Patrick Felke (Hochschule Emden/Leer, DE)
- Henri Gilbert (ANSSI - Paris, FR)
- Lorenzo Grassi (Ruhr-Universität Bochum, DE)
- Rachelle Heim Boissier (University of Versailles, FR)
- Akiko Inoue (NEC - Kawasaki, JP)
- Ryoma Ito (NICT - Tokyo, JP)
- Tetsu Iwata (Nagoya University, JP)
- Ashwin Jha (Ruhr-Universität Bochum, DE)
- Antoine Joux (CISPA - Saarbrücken, DE)
- Virginie Lallemand (LORIA - Nancy, FR)
- Nils Gregor Leander (Ruhr-Universität Bochum, DE)
- Charlotte Lefevre (Radboud University Nijmegen, NL)
- Gaëtan Leurent (INRIA - Paris, FR)
- Willi Meier (FH Nordwestschweiz - Windisch, CH)
- Bart Mennink (Radboud University Nijmegen, NL)
- Kazuhiko Minematsu (NEC - Kawasaki, JP)
- Mridul Nandi (Indian Statistical Institute - Kolkata, IN)
- Maria Naya-Plasencia (INRIA - Paris, FR)
- Patrick Neumann (Ruhr-Universität Bochum, DE)
- Léo Perrin (INRIA - Paris, FR)
- Bart Preneel (KU Leuven, BE)
- Shahram Rasoolzadeh (Radboud University Nijmegen, NL)
- Christian Rechberger (TU Graz, AT)
- Yann Rotella (University of Versailles, FR)
- Sondre Rønjom (University of Bergen, NO)
- Dhiman Saha (Indian Institute of Technology Bhilai - Durg, IN)
- Yu Sasaki (NTT - Tokyo, JP)
- Ferdinand Sibleyras (NTT - Tokyo, JP)
- Meltem Sonmez Turan (NIST - Gaithersburg, US)
- Siwei Sun (University of Chinese Academy of Sciences, CN)
- Stefano Tessaro (University of Washington - Seattle, US)
- Aishwarya Thiruvengadam (Indian Institute of Technology Madras, IN)
- Tyge Tiessen (Technical University of Denmark - Lyngby, DK)
- Yosuke Todo (NTT - Tokyo, JP)
- Aleksei Udovenko (University of Luxembourg, LU)
- Qingju Wang (University of Luxembourg, LU)
Related Seminars
- Dagstuhl Seminar 07021: Symmetric Cryptography (2007-01-07 - 2007-01-12)
- Dagstuhl Seminar 09031: Symmetric Cryptography (2009-01-11 - 2009-01-16)
- Dagstuhl Seminar 12031: Symmetric Cryptography (2012-01-15 - 2012-01-20)
- Dagstuhl Seminar 14021: Symmetric Cryptography (2014-01-05 - 2014-01-10)
- Dagstuhl Seminar 16021: Symmetric Cryptography (2016-01-10 - 2016-01-15)
- Dagstuhl Seminar 18021: Symmetric Cryptography (2018-01-07 - 2018-01-12)
- Dagstuhl Seminar 20041: Symmetric Cryptography (2020-01-19 - 2020-01-24)
- Dagstuhl Seminar 22141: Symmetric Cryptography (2022-04-03 - 2022-04-08)
- Dagstuhl Seminar 26061: Symmetric Cryptography (2026-02-01 - 2026-02-06)
Classification
- Cryptography and Security
Keywords
- symmetric cryptography
- (quantum) cryptanalysis
- provable security