June 20, 2024
John Preuß Mattsson - Ericsson
We welcome NIST’s plans to develop a new tweakable, variable-input-length strong pseudorandom permutation (VIL-SPRP) and derived functions. We think that a tweakable VIL-SPRP is the correct target, and we really like the name accordion cipher. Building AEAD, tweakable encryption, key wrap, etc., as functions derived from the accordion cipher seems like the correct approach. A well-designed accordion cipher with derived functions could provide significantly improved properties compared to many of the cipher modes that NIST currently approves. In addition to very strong cryptographic properties, we think the derived functions should provide good usability and usable security. Interfaces and guidelines should be chosen to minimize the demands on users and implementers, as well as the adverse consequences of human mistakes. The practical use of the new accordion cipher will heavily depend on its performance and other properties.
Workshop on the Requirements for an Accordion Cipher Mode 2024