10.01.16 - 15.01.16, Seminar 16021

Symmetric Cryptography

This seminar description was published on our web pages before the seminar and was used in the invitation to the seminar.

Motivation

The aim of the seminar is to bring together leading experts and exceptionally talented junior researchers working in the field of Symmetric Cryptography. Most of the participants are expected to give presentations on their current research. The schedule will ensure ample time for discussions and ad hoc sessions without talks prepared in advance of the seminar. We plan to hold one or two “brainstorming” or “rump” sessions, to discuss unfinished ideas, to present very recent results (perhaps found during the course of the seminar), and to reflect on the current state of symmetric cryptography in general. The seminar will concentrate on the design and analysis of symmetric cryptographic primitives. Special focus will be put on the following two topics.

Authenticated encryption
At the Dagstuhl Seminar “Symmetric Cryptography” in 2012, the research question of schemes for authenticated encryption was vividly discussed among the participants. The direction was strongly supported by the community, and the CAESAR project (Competition for Authenticated Encryption: Security, Applicability, and Robustness) was initiated. At the Dagstuhl Seminar “Symmetric Cryptography” in 2014, which took place roughly two months before the CAESAR submission deadline, several initial ideas for the constructions were presented, and there were presentations regarding the security definitions. The Dagstuhl Seminar “Symmetric Cryptography” in 2016 will take place in the middle of the CAESAR competition; it will be two years from the submission deadline and about two years until the announcement of the final portfolio. Therefore, this will be the perfect point in time to sum up the research done so far, to exchange ideas and to discuss future directions.

Even-Mansour Designs
In 1992, Even and Mansour proposed a new design paradigm that can be seen as the abstraction of the framework adopted in the design of AES. The design framework is highly relevant in practice, and it has been adopted in a variety of recent hash functions, block ciphers, and in the underlying primitive of several CAESAR submissions. Despite its long history of practical use, the community has so far failed to develop a complete understanding of its security. For example, the original proposal was accompanied by a proof of security dealing with the case of one iteration, but it took more than 20 years until the general case of r iterations was solved. However, these results only deal with the simple case of distinguishing attacks in the single, unknown-key setting. Its security in more advanced, yet practically relevant security models, such as the related-key setting or the non-ideal-permutation setting, is largely unexplored. This is a fruitful and challenging area of research for the next 3 to 5 years, which will lead to a fundamental understanding of iterated constructions and ultimately to more efficient and more secure ciphers.