07. – 12. Januar 2018, Dagstuhl Seminar 18021

Symmetric Cryptography


Joan Daemen (Radboud University Nijmegen, NL, and STMicroelectronics – Diegem, BE)
Tetsu Iwata (Nagoya University, JP)
Nils Gregor Leander (Ruhr-Universität Bochum, DE)
Kaisa Nyberg (Aalto University, FI)

Auskunft zu diesem Dagstuhl Seminar erteilt

Dagstuhl Service Team


Gemeinsame Dokumente
Programm des Dagstuhl Seminars [pdf]


Cryptography is the science of designing and analyzing techniques for secure communication. Modern cryptography can be divided into several areas of study, with symmetric cryptography being one of the most important. In particular, as asymmetric primitives are typically orders of magnitude less efficient than symmetric cryptographic schemes, symmetric cryptosystems remain the main workhorses of cryptography and highly relevant not only for academia, but also for industrial research and applications. IT Security plays an increasingly crucial role in everyday life and business. Especially after the disclosure of the NSA world-spanning spying activities and in the context of the Internet of Things, IT Security and privacy protection is a vital topic of the 21st century. Virtually all modern security solutions are based on cryptographic primitives. In the seminar, we plan to discuss in detail the design and analysis of symmetric cryptographic primitives while focusing on the three topics below. This event is going to be the sixth in the series of the Dagstuhl seminars "SymmetricCryptography" held in 2007, 2009, 2012, 2014, and 2016.

Cryptography for the IoT Motivated by the upcoming IoT, one of the strong research trends in symmetric cryptography is lightweight cryptography. Those efforts resulted in a wide variety of block cipher designs suitable for IoT appliations. However, a block cipher is clearly not the solution to all cryptographic purposes. Research on other primitives and modes has just started and many primitives and modes of operations suitable for lightweight crypto remain to be explored.

Statistical Attacks Statistical attacks have been deployed widely and providing strong resistance against them has resulted in several important design criteria for contemporary symmetric primitives. One main issue that has become apparent only recently is the accuracy of the underlying statistical models that researchers are using. Typically, those models are presented under some simplifying assumptions, whose validity remains an open question. It is an important challenge to settle these unsatisfactory simplifications. This becomes even more important when the attacks are hard or impossible to verify experimentally due to the large computational costs involved. Moreover, to allow comparison between different attacks the researchers must agree on common attack models and parameters that measure the performance of the attack.

Symmetric cryptography in the era of mass surveillance The Snowden leaks have painfully illustrated that citizen privacy and anonymity is next to non-existent nowadays. Secret services and IT corporations massively spy on people's communication and data storage for motives such as profit and surveillance. They don't seem to be hindered significantly in this at all by the pervasive deployment of cryptography (TLS, GSM, WPA, etc.). At the Dagstuhl Seminar we will have a discussion session on how the symmetric crypto community can contribute to improve the situation. We expect an open discussion and it is likely new themes will be proposed. As a start, we are going to discuss the following items.

  • Education of the general public: it is impossible to have protection without awareness.
  • Education of the protocol designers and programmers: there are many new standards being drafted for the moment and many repeat the same mistakes over and over again. Often the cryptographic knowledge of people in the standardization committees is very limited.
  • Rewarding implementations: writing of optimized code (for software but also hardware, like VHDL) that additionally provides resistance against side-channel and/or fault attacks is a highly sophisticated task requires much insight and effort. However, in the current academic climate, such efforts are not sufficiently rewarded and we think it would be good to change this.

  Creative Commons BY 3.0 DE
  Joan Daemen, Tetsu Iwata, Nils Gregor Leander, and Kaisa Nyberg

Dagstuhl Seminar Series


  • Security / Cryptology


  • Symmetric cryptography
  • Cryptanalysis
  • Cryptography for IoT
  • Mass surveillance
  • AE


Bücher der Teilnehmer 

Buchausstellung im Erdgeschoss der Bibliothek

(nur in der Veranstaltungswoche).


In der Reihe Dagstuhl Reports werden alle Dagstuhl-Seminare und Dagstuhl-Perspektiven-Workshops dokumentiert. Die Organisatoren stellen zusammen mit dem Collector des Seminars einen Bericht zusammen, der die Beiträge der Autoren zusammenfasst und um eine Zusammenfassung ergänzt.


Download Übersichtsflyer (PDF).


Es besteht weiterhin die Möglichkeit, eine umfassende Kollektion begutachteter Arbeiten in der Reihe Dagstuhl Follow-Ups zu publizieren.

Dagstuhl's Impact

Bitte informieren Sie uns, wenn eine Veröffentlichung ausgehend von
Ihrem Seminar entsteht. Derartige Veröffentlichungen werden von uns in der Rubrik Dagstuhl's Impact separat aufgelistet  und im Erdgeschoss der Bibliothek präsentiert.