NIST hosted a workshop on the development of a new block cipher mode of operation on June 20–21, 2024, at the National Cybersecurity Center of Excellence in Rockville, Maryland.
NIST plans to develop a new mode of the AES that is a tweakable, variable-input-length-strong pseudorandom permutation (VIL-SPRP) with a reduction proof to the security of the underlying block cipher.
The term “accordion cipher mode” (or “accordion mode,” for short) is introduced to indicate that the mode would act as a cipher, not only on a single block but on a range of input sizes. A well-designed accordion mode could potentially provide significant advantages over most of the block cipher modes that NIST currently approves. For example, an accordion mode could provide better resistance to cut-and-paste attacks than CBC, or it could be adapted to provide authenticated encryption with associated data (AEAD) with better properties than GCM, such as resistance to nonce misuse, support for short tags, nonce hiding, and key commitment. An accordion mode could also be adapted to provide key wrapping that is more efficient than KW and KWP.
NIST has developed a Proposal of Requirements for an Accordion Mode: Discussion Draft for the NIST Accordion Mode Workshop 2024. The aims of this document are to 1) establish terminology and notation for the development effort, 2) discuss the design requirements for an accordion mode, and 3) identify related topics for discussion during the workshop. The goal of the workshop is to solicit public input on the specific requirements for the design and use of an accordion mode and the evaluation criteria in the development process. Potential topics for discussion include:

Updates and additional information will be posted to the workshop website and ciphermodes-forum email distribution list. Instructions for subscribing to the email forum can be found at https://csrc.nist.gov/Projects/block-cipher-techniques/email-list-ciphermodes-forum.
Workshop Announcement/Call for Abstracts (PDF)
Inquiries: ciphermodes@nist.gov
Accordion Cipher-mode Preferable Features (pptx - will be posted after presentation)
Tushar Patel
Efficient Instances of Docked Double Decker With AES, and Application to Authenticated Encryption
Christoph Dobraunig, Krystian Matusiewicz, Bart Mennink, and Alexander Tereschenko
Universal Hash Designs for an Accordion Mode
Jean Paul Degabriele, Jan Gilcher, Jérôme Govinden and Kenneth G. Paterson
Committing Wide Encryption Mode with Minimum Ciphertext Expansion
Yusuke Naito, Yu Sasaki, and Takeshi Sugawara
Security Goals for an Accordion Mode: Release of Unverified Plaintext and Multi-user Security
John H., Charlotte S., and Guy B.
Requirements for an Accordion Mode
John H., Charlotte S., and Guy B.
Accordion mode based on Hash-Encrypt-Hash
Hieu Nguyen Duy, Pablo García Fernández, Aleksei Udovenko, and Alex Biryukov
A BBB Secure Accordion Mode from HCTR (pptx - will be posted after presentation)
Byeonghak Lee
Galois Extended Mode
Scott Arciszewski, Jim Miller, Tjaden Hess, and Opal Wright
Comments on NIST Requirements for an Accordion Cipher Mode
John Preuß Mattsson, Ben Smeets, and Erik Thormarker
Double-Nonce-Derive-Key-GCM (DNDK-GCM) General design paradigms and application (update coming soon)
Shay Gueron
Information-theoretic security with asymmetries
Tim Beyne and Yu Long Chen
Selected Presentations

June 20, 2024 | Title | Speaker | Type |
---|---|---|---|
9:10 AM | Overview of the NIST Block Cipher Modes Project | Meltem Sönmez Turan - NIST | Presentation |
9:35 AM | Introduction to the Accordion Mode and Derived Functions | Alyssa Thompson - NSA/NIST | Presentation |
10:30 AM | Toward a New Block Cipher Mode Standard: Reasoning about Requirements | Nicky Mouha - Strativia | Presentation |
11:20 AM | Comments on NIST Requirements for an Accordion Cipher Mode | John Preuß Mattsson - Ericsson | Presentation |
11:40 AM | Security Goals for an Accordion Mode: Release of Unverified Plaintext and Multi-user Security | Guy B. - NCSC | Presentation |
1:20 PM | NIST Options for Encryption Algorithms and Modes of Operation | Andrew Regenscheid - NIST | Presentation |
3:00 PM | Accordion Cipher-mode Preferable Features | Tushar Patel - ATNA-CIPHER, LLC. | Presentation |
3:20 PM | Requirements for an Accordion Mode | Guy B. - NCSC | Presentation |

June 21, 2024 | Title | Speaker | Type |
---|---|---|---|
9:20 AM | Galois Extended Mode | Scott Arciszewski - Trail of Bits | Presentation |
9:40 AM | Double-Nonce-Derive-Key-GCM (DNDK-GCM) General Design Paradigms and Application | Shay Gueron - University of Haifa and Meta | Presentation |
10:30 AM | Efficient Instances of Docked Double Decker With AES, and Application to Authenticated Encryption | Christoph Dobraunig - Intel Labs | Presentation |
10:50 AM | Universal Hash Designs for an Accordion Mode | Jean Paul Degabriele - Technology Innovation Institute | Presentation |
11:10 AM | Accordion mode based on Hash-Encrypt-Hash | Pablo Garcia Fernandez - University of Luxembourg | Presentation |
1:20 PM | Committing Wide Encryption Mode with Minimum Ciphertext Expansion | Yusuke Naito - Mitsubishi Electric Corporation | Presentation |
1:40 PM | A BBB Secure Accordion Mode from HCTR | Byeonghak Lee - Samsung SDS | Presentation |
2:00 PM | Information-theoretic Security with Asymmetries | Yu Long Chen - KU Leuven and NIST | Presentation |
3:10 PM | Preliminary NIST Proposal for a Development Process | Morris Dworkin - NIST | Presentation |
3:30 PM | Open Discussion and Next Steps | Meltem Sönmez Turan - NIST | Presentation |
Starts: June 20, 2024 - 09:00 AM EDT
Ends: June 21, 2024 - 05:00 PM EDT
Format: In-person
Type: Workshop
Attendance Type: Open to public
Audience Type: Industry, Government, Academia, Other
National Cybersecurity Center of Excellence (NCCoE) 9700 Great Seneca Highway Rockville, MD 20850
Security and Privacy: authentication, cryptography