Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Workshop on the Requirements for an Accordion Cipher Mode 2024

NIST hosted a workshop on the development of a new block cipher mode of operation on June 20–21, 2024, at the National Cybersecurity Center of Excellence in Rockville, Maryland. 

NIST plans to develop a new mode of the AES that is a tweakable, variable-input-length-strong pseudorandom permutation (VIL-SPRP) with a reduction proof to the security of the underlying block cipher.

The term “accordion cipher mode” (or “accordion mode,” for short) is introduced to indicate that the mode would act as a cipher, not only on a single block but on a range of input sizes. A well-designed accordion mode could potentially provide significant advantages over most of the block cipher modes that NIST currently approves. For example, an accordion mode could provide better resistance to cut-and-paste attacks than CBC, or it could be adapted to provide authenticated encryption with associated data (AEAD) with better properties than GCM, such as resistance to nonce misuse, support for short tags, nonce hiding, and key commitment. An accordion mode could also be adapted to provide key wrapping that is more efficient than KW and KWP.

NIST has developed a Proposal of Requirements for an Accordion Mode: Discussion Draft for the NIST Accordion Mode Workshop 2024. The aims of this document are to 1) establish terminology and notation for the development effort, 2) discuss the design requirements for an accordion mode, and 3) identify related topics for discussion during the workshop. The goal of the workshop is to solicit public input on the specific requirements for the design and use of an accordion mode and the evaluation criteria in the development process. Potential topics for discussion include:
  • Parameter lengths for the accordion mode: keys, tweaks, data input
  • Whether the accordion mode should support an underlying block cipher with 256-bit blocks
  • Formal security goals for the accordion mode
  • Requirements and features for the main use cases (e.g., AEAD )
  • Potential design strategies
  • Performance targets
  • Implementation considerations
  • The development and standardization process.

Updates and additional information will be posted to the workshop website and ciphermodes-forum email distribution list. Instructions for subscribing to the email forum can be found at https://csrc.nist.gov/Projects/block-cipher-techniques/email-list-ciphermodes-forum.

Workshop Announcement/Call for Abstracts (PDF)

Inquiries:  ciphermodes@nist.gov

Accordion Cipher-mode Preferable Features  (pptx - will be posted after presentation)
Tushar Patel 

Efficient Instances of Docked Double Decker With AES, and Application to Authenticated Encryption 
Christoph Dobraunig, Krystian Matusiewicz, Bart Mennink, and Alexander Tereschenko 

Universal Hash Designs for an Accordion Mode 
Jean Paul Degabriele, Jan Gilcher, Jérôme Govinden and Kenneth G. Paterson 

Committing Wide Encryption Mode with Minimum Ciphertext Expansion 
Yusuke Naito, Yu Sasaki, and Takeshi Sugawara 

Security Goals for an Accordion Mode: Release of Unverified Plaintext and Multi-user Security 
John H., Charlotte S., and Guy B. 

Requirements for an Accordion Mode 
John H., Charlotte S., and Guy B. 

Accordion mode based on Hash-Encrypt-Hash 
Hieu Nguyen Duy, Pablo García Fernández, Aleksei Udovenko, and Alex Biryukov 

A BBB Secure Accordion Mode from HCTR (pptx - will be posted after presentation)
Byeonghak Lee 

Galois Extended Mode 
Scott Arciszewski, Jim Miller, Tjaden Hess, and Opal Wright 

Comments on NIST Requirements for an Accordion Cipher Mode 
John Preuß Mattsson, Ben Smeets, and Erik Thormarker 

Double-Nonce-Derive-Key-GCM (DNDK-GCM) General design paradigms and application (update coming soon)
Shay Gueron 

Information-theoretic security with asymmetries 
Tim Beyne and Yu Long Chen 


Selected Presentations
June 20, 2024 Type
9:10 AM Overview of the NIST Block Cipher Modes Project
Meltem Sönmez Turan - NIST
Presentation
9:35 AM Introduction to the Accordion Mode and Derived Functions
Alyssa Thompson - NSA/NIST
Presentation
10:30 AM Toward a New Block Cipher Mode Standard: Reasoning about Requirements
Nicky Mouha - Strativia
Presentation
11:20 AM Comments on NIST Requirements for an Accordion Cipher Mode
John Preuß Mattsson - Ericsson
Presentation
11:40 AM Security Goals for an Accordion Mode: Release of Unverified Plaintext and Multi-user Security
Guy B. - NCSC
Presentation
1:20 PM NIST Options for Encryption Algorithms and Modes of Operation​
Andrew Regenscheid - NIST
Presentation
3:00 PM Accordion Cipher-mode Preferable Features
Tushar Patel - ATNA-CIPHER, LLC.
Presentation
3:20 PM Requirements for an Accordion Mode
Guy B. - NCSC
Presentation
June 21, 2024 Type
9:20 AM Galois Extended Mode
Scott Arciszewski - Trail of Bits
Presentation
9:40 AM Double-Nonce-Derive-Key-GCM (DNDK-GCM) General Design Paradigms and Application
Shay Gueron - University of Haifa and Meta
Presentation
10:30 AM Efficient Instances of Docked Double Decker With AES, and Application to Authenticated Encryption
Christoph Dobraunig - Intel Labs
Presentation
10:50 AM Universal Hash Designs for an Accordion Mode
Jean Paul Degabriele - Technology Innovation Institute
Presentation
11:10 AM Accordion mode based on Hash-Encrypt-Hash
Pablo Garcia Fernandez - University of Luxembourg
Presentation
1:20 PM Committing Wide Encryption Mode with Minimum Ciphertext Expansion
Yusuke Naito - Mitsubishi Electric Corporation
Presentation
1:40 PM A BBB Secure Accordion Mode from HCTR
Byeonghak Lee - Samsung SDS
Presentation
2:00 PM Information-theoretic Security with Asymmetries
Yu Long Chen - KU Leuven and NIST
Presentation
3:10 PM Preliminary NIST Proposal for a Development Process
Morris Dworkin - NIST
Presentation
3:30 PM Open Discussion and Next Steps
Meltem Sönmez Turan - NIST
Presentation

Event Details

Starts: June 20, 2024 - 09:00 AM EDT
Ends: June 21, 2024 - 05:00 PM EDT

Format: In-person Type: Workshop

Agenda

Attendance Type: Open to public
Audience Type: Industry,Government,Academia,Other


Location

National Cybersecurity Center of Excellence (NCCoE)
9700 Great Seneca Highway
Rockville, MD 20850

Parent Project

See: Block Cipher Techniques

Related Topics

Security and Privacy: authentication, cryptography

Created March 05, 2024, Updated July 03, 2024