Date Published: April 10, 2024
Comments Due: July 1, 2024 (public comment period is CLOSED)
Email Questions to:
ciphermodes@nist.gov
NIST intends to develop a new block cipher mode of operation that is a tweakable, variable-input-length-strong pseudorandom permutation (VIL-SPRP). NIST introduces the term accordion cipher mode — or simply accordion mode — for the proposed mode because it would act as a cipher on a range of sizes for the message input. In order to facilitate the vetting of the accordion mode, NIST expects to require a reduction proof to the security of the underlying block cipher.
A well-designed accordion mode could provide security and performance advantages over the block cipher modes specified in the SP 800-38 series. For example, an accordion mode may provide additional features, better implementation and better security properties than AES-GCM, including, but not limited to, nonce-misuse resistance, support for short tags, nonce hiding, and key commitment, etc.
The aims of this document are to 1) establish terminology and notation for the development effort, 2) discuss the design requirements for an accordion mode, and 3) identify related topics for discussion at the upcoming Accordion Cipher Mode Workshop 2024. In some cases, NIST offers preliminary proposals to prompt and focus the discussions. At a minimum, NIST would like to get sufficient feedback to decide appropriate parameter sizes. Public feedback will also be used to determine the next steps in the development effort.
This document describes three categories of applications for an accordion mode and for each category indicates how a derived function could satisfy the application. The choice and standardization of particular derived functions may be of independent interest, once an accordion mode is developed and approved. For the purposes of the workshop, NIST is mostly interested in how the derived functions should affect the design requirements or evaluation criteria.
In addition to feedback during the workshop, NIST welcomes written comments on the proposed development effort. Comments should be submitted to ciphermodes@nist.gov by July 1, 2024.
None selected
Publication:
Proposal (Discussion Draft) (pdf)
Supplemental Material:
Mailing List
Accordion Cipher Mode Workshop 2024
Document History:
04/10/24: Other (Draft)