January 5 – 10 , 2014, Dagstuhl Seminar 14021

Symmetric Cryptography


Frederik Armknecht (Universität Mannheim, DE)
Helena Handschuh (Cryptography Research Inc. – San Francisco, US)
Tetsu Iwata (Nagoya University, JP)
Bart Preneel (KU Leuven, BE)

For support, please contact

Dagstuhl Service Team


Dagstuhl Report, Volume 4, Issue 1 Dagstuhl Report
Aims & Scope
List of Participants
Dagstuhl Seminar Schedule [pdf]


Symmetric cryptography deals with the case that both the sender and the receiver of a message are using the same key - the setting for symmetric encryption or authentication - as well as the case where there is no key at all - the setting for cryptographic hash functions. This differentiates symmetric cryptography from it asymmetric counterpart, where senders or verifiers use a "public key" and receivers or signers use a corresponding but different "private key." Although asymmetric cryptographic schemes provide in principle more flexibility, but are normally by orders of magnitude less efficient than symmetric cryptographic schemes. Thus, symmetric cryptosystems are the main workhorses of cryptography and highly relevant not only for academia, but also for industrial research, too.

The seminar was the fourth of its kind, the first one took place in 2007, the second in 2009, and the third in 2012. It concentrates on the design and analysis of

  • symmetric primitives (block and stream ciphers, message authentication codes and hash functions), as well as
  • complex cryptosystems and cryptographic protocols based on symmetric primitives.

One major topic was authenticated encryption. As already discussed at January 2012 Dagstuhl Seminar on Symmetric Cryptography, there is a demand for encryption schemes that ensure the confidentiality and integrity of data. This eventually led to an open cryptographic competition named CAESAR (Competition for Authenticated Encryption: Security, Applicability, and Robustness). The goal of CAESAR is to identify a portfolio of authenticated ciphers that offer advantages over standard approaches like AES-GCM and (2) are suitable for widespread adoption. To this end cryptographic algorithm designers are invited to submit proposals of authenticated ciphers to CAESAR. All proposals will be made public for evaluation. As the deadline for first round submissions was in March 2014, i.e., only several weeks after the seminar, several groups were actively working on designing and analyzing new proposals for authenticated encryption schemes. Moreover, there was a discussion session that was mainly devoted to current CAESAR submissions. One result was a better understanding of necessary requirements and the current state of these schemes.

Another major topic was the analyis of Even-Mansour encryption schemes. Such schemes generalize common design approaches by reducing these to the composition of simple, idealized components like random permutations. Other topics focused during the discussion session include random number generation and provable security complex cryptosystems.

Summary text license
  Creative Commons BY 3.0 Unported license
  Frederik Armknecht, Helena Handschuh, Tetsu Iwata, and Bart Preneel

Dagstuhl Seminar Series


  • Security / Cryptology


  • Authenticity
  • Integrity
  • Privacy
  • Hash Functions
  • Block Ciphers
  • Provable Security
  • Cryptanalysis


In the series Dagstuhl Reports each Dagstuhl Seminar and Dagstuhl Perspectives Workshop is documented. The seminar organizers, in cooperation with the collector, prepare a report that includes contributions from the participants' talks together with a summary of the seminar.


Download overview leaflet (PDF).

Dagstuhl's Impact

Please inform us when a publication was published as a result from your seminar. These publications are listed in the category Dagstuhl's Impact and are presented on a special shelf on the ground floor of the library.


Furthermore, a comprehensive peer-reviewed collection of research papers can be published in the series Dagstuhl Follow-Ups.