NIST will host a workshop on the development of a new block cipher mode of operation on June 20–21, 2024, at the National Cybersecurity Center of Excellence in Rockville, Maryland.
Important Dates
NIST plans to develop a new mode of the AES that is a tweakable, variable-input-length-strong pseudorandom permutation (VIL-SPRP) with a reduction proof to the security of the underlying block cipher.
The term “accordion cipher mode” (or “accordion mode,” for short) is introduced to indicate that the mode would act as a cipher, not only on a single block but on a range of input sizes. A well-designed accordion mode could potentially provide significant advantages over most of the block cipher modes that NIST currently approves. For example, an accordion mode could provide better resistance to cut-and-paste attacks than CBC, or it could be adapted to provide authenticated encryption with associated data (AEAD) with better properties than GCM, such as resistance to nonce misuse, support for short tags, nonce hiding, and key commitment. An accordion mode could also be adapted to provide key wrapping that is more efficient than KW and KWP.
NIST has developed a Proposal of Requirements for an Accordion Mode: Discussion Draft for the NIST Accordion Mode Workshop 2024. The aims of this document are to 1) establish terminology and notation for the development effort, 2) discuss the design requirements for an accordion mode, and 3) identify related topics for discussion during the workshop. The goal of the workshop is to solicit public input on the specific requirements for the design and use of an accordion mode and the evaluation criteria in the development process. Potential topics for discussion include:
Attendees may submit extended abstracts or slides for a short presentation (up to 10 minutes) for any number of the sessions. Submissions must be provided electronically in PDF format and sent to ciphermodes@nist.gov by May 1, 2024. NIST will post the accepted abstracts and presentations on the workshop website, though no formal proceedings will be published.
Most of the workshop sessions are expected to include a panel discussion or extensive open discussion. Time will also be allotted for impromptu “lightning talks” — brief presentations of recent research results without slides. All sessions and lightning talks will be recorded.
Waivers of the registration fee are available for a limited number of students, but no waivers are available for speakers.
Updates and additional information will be posted to the workshop website and ciphermodes-forum email distribution list. Instructions for subscribing to the email forum can be found at https://csrc.nist.gov/Projects/block-cipher-techniques/email-list-ciphermodes-forum.
Workshop Announcement/Call for Abstracts (PDF)
Inquiries: ciphermodes@nist.gov
Papers/Abstracts will be added on/around June 3.
Accordion Cipher-mode Preferable Features
Tushar Patel
Efficient Instances of Docked Double Decker With AES, and Application to Authenticated Encryption
Christoph Dobraunig, Krystian Matusiewicz, Bart Mennink, and Alexander Tereschenko
Universal Hash Designs for an Accordion Mode
Jean Paul Degabriele, Jan Gilcher, Jérôme Govinden and Kenneth G. Paterson
Committing Wide Encryption Mode with Minimum Ciphertext Expansion
Yusuke Naito, Yu Sasaki, and Takeshi Sugawara
Security Goals for an Accordion Mode: Release of Unverified Plaintext and Multi-user Security
John H., Charlotte S., and Guy B.
Requirements for an Accordion Mode
John H., Charlotte S., and Guy B.
Accordion mode based on Hash-Encrypt-Hash
Hieu Nguyen Duy, Pablo García Fernández, Aleksei Udovenko, and Alex Biryukov
A BBB Secure Accordion Mode from HCTR
Byeonghak Lee
Galois Extended Mode
Scott Arciszewski, Jim Miller, Tjaden Hess, and Opal Wright
Comments on NIST Requirements for an Accordion Cipher Mode
John Preuß Mattsson, Ben Smeets, and Erik Thormarker
Double-Nonce-Derive-Key-GCM (DNDK-GCM) General design paradigms and application
Shay Gueron
Information-theoretic security with asymmetries
Tim Beyne and Yu Long Chen
Advance registration is required. There is no on-site registration for in-person events held at NIST campuses. Please see the Security Instructions below for more details.
Registration Fee: 300.00 USD
Registration fee includes:
Register Now! Registration will close June 13.
Registration Questions: conferences@nist.gov
Courtyard Gaithersburg Washingtonian Center
204 Boardwalk Place Gaithersburg, Maryland 20878
Room Rate: $258 USD per night plus taxes. Last day to book your room: May 29, 2024
Hotel reservation/group rate includes:
CLICK HERE to make your reservation.
For more information, visit the hotel's website.
*Visitor Access Requirement:
All attendees must be pre-registered to access the National Cybersecurity Center of Excellence (NCCoE).
For Non-US Citizens: Please have your valid passport for photo identification.
For US Permanent Residents: Please have your green card for photo identification.
For US Citizens: Please have your state-issued driver's license. Regarding Real-ID requirements, all states are in compliance or have an extension through May 2025.
NIST also accepts other forms of federally issued identification in lieu of a state-issued driver's license, such as a valid passport, passport card, DOD's Common Access Card (CAC), Veterans ID, Federal Agency HSPD-12 IDs, and Military Dependents ID.
Starts: June 20, 2024 - 09:00 AM EDT
Ends: June 21, 2024 - 05:00 PM EDT
Format: In-person Type: Workshop
Attendance Type: Open to public
Audience Type: Industry,Government,Academia,Other
National Cybersecurity Center of Excellence (NCCoE) 9700 Great Seneca Highway Rockville, MD 20850
Security and Privacy: authentication, cryptography