Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Other (Initial Preliminary Draft)

Proposal of Requirements for an Accordion Mode: Discussion Draft for the NIST Accordion Mode Workshop 2024

Date Published: April 10, 2024
Comments Due: July 1, 2024
Email Comments to:


Yu Long Chen (NIST), Michael Davidson (NIST), Morris Dworkin (NIST), Jinkeon Kang (NIST), John Kelsey (NIST), Yu Sasaki (NIST), Meltem Sönmez Turan (NIST), Donghoon Chang (Strativia), Nicky Mouha (Strativia), Alyssa Thompson (NSA)


NIST intends to develop a new block cipher mode of operation that is a tweakable, variable-input-length-strong pseudorandom permutation (VIL-SPRP). NIST introduces the term accordion cipher mode — or simply accordion mode — for the proposed mode because it would act as a cipher on a range of sizes for the message input. In order to facilitate the vetting of the accordion mode, NIST expects to require a reduction proof to the security of the underlying block cipher.

A well-designed accordion mode could provide security and performance advantages over the block cipher modes specified in the SP 800-38 series. For example, an accordion mode may provide additional features, better implementation and better security properties than AES-GCM, including, but not limited to, nonce-misuse resistance, support for short tags, nonce hiding, and key commitment, etc.

The aims of this document are to 1) establish terminology and notation for the development effort, 2) discuss the design requirements for an accordion mode, and 3) identify related topics for discussion at the upcoming Accordion Cipher Mode Workshop 2024. In some cases, NIST offers preliminary proposals to prompt and focus the discussions. At a minimum, NIST would like to get sufficient feedback to decide appropriate parameter sizes. Public feedback will also be used to determine the next steps in the development effort.

This document describes three categories of applications for an accordion mode and for each category indicates how a derived function could satisfy the application. The choice and standardization of particular derived functions may be of independent interest, once an accordion mode is developed and approved. For the purposes of the workshop, NIST is mostly interested in how the derived functions should affect the design requirements or evaluation criteria.

In addition to feedback during the workshop, NIST welcomes written comments on the proposed development effort. Comments should be submitted to by July 1, 2024.

Control Families

None selected


Proposal (Discussion Draft) (pdf)

Supplemental Material:
Mailing List
Accordion Cipher Mode Workshop 2024

Document History:
04/10/24: Other (Draft)