05. – 10. Januar 2014, Dagstuhl-Seminar 14021

Symmetric Cryptography


Frederik Armknecht (Universität Mannheim, DE)
Helena Handschuh (Cryptography Research Inc. – San Francisco, US)
Tetsu Iwata (Nagoya University, JP)
Bart Preneel (KU Leuven, BE)

Auskunft zu diesem Dagstuhl-Seminar erteilt

Dagstuhl Service Team


Dagstuhl Report, Volume 4, Issue 1 Dagstuhl Report
Programm des Dagstuhl-Seminars [pdf]


Symmetric cryptography deals with the case that both the sender and the receiver of a message are using the same key - the setting for symmetric encryption or authentication - as well as the case where there is no key at all - the setting for cryptographic hash functions. This differentiates symmetric cryptography from it asymmetric counterpart, where senders or verifiers use a "public key" and receivers or signers use a corresponding but different "private key." Although asymmetric cryptographic schemes provide in principle more flexibility, but are normally by orders of magnitude less efficient than symmetric cryptographic schemes. Thus, symmetric cryptosystems are the main workhorses of cryptography and highly relevant not only for academia, but also for industrial research, too.

The seminar was the fourth of its kind, the first one took place in 2007, the second in 2009, and the third in 2012. It concentrates on the design and analysis of

  • symmetric primitives (block and stream ciphers, message authentication codes and hash functions), as well as
  • complex cryptosystems and cryptographic protocols based on symmetric primitives.

One major topic was authenticated encryption. As already discussed at January 2012 Dagstuhl Seminar on Symmetric Cryptography, there is a demand for encryption schemes that ensure the confidentiality and integrity of data. This eventually led to an open cryptographic competition named CAESAR (Competition for Authenticated Encryption: Security, Applicability, and Robustness). The goal of CAESAR is to identify a portfolio of authenticated ciphers that offer advantages over standard approaches like AES-GCM and (2) are suitable for widespread adoption. To this end cryptographic algorithm designers are invited to submit proposals of authenticated ciphers to CAESAR. All proposals will be made public for evaluation. As the deadline for first round submissions was in March 2014, i.e., only several weeks after the seminar, several groups were actively working on designing and analyzing new proposals for authenticated encryption schemes. Moreover, there was a discussion session that was mainly devoted to current CAESAR submissions. One result was a better understanding of necessary requirements and the current state of these schemes.

Another major topic was the analyis of Even-Mansour encryption schemes. Such schemes generalize common design approaches by reducing these to the composition of simple, idealized components like random permutations. Other topics focused during the discussion session include random number generation and provable security complex cryptosystems.

Summary text license
  Creative Commons BY 3.0 Unported license
  Frederik Armknecht, Helena Handschuh, Tetsu Iwata, and Bart Preneel

Dagstuhl-Seminar Series


  • Security / Cryptology


  • Authenticity
  • Integrity
  • Privacy
  • Hash Functions
  • Block Ciphers
  • Provable Security
  • Cryptanalysis


In der Reihe Dagstuhl Reports werden alle Dagstuhl-Seminare und Dagstuhl-Perspektiven-Workshops dokumentiert. Die Organisatoren stellen zusammen mit dem Collector des Seminars einen Bericht zusammen, der die Beiträge der Autoren zusammenfasst und um eine Zusammenfassung ergänzt.


Download Übersichtsflyer (PDF).

Dagstuhl's Impact

Bitte informieren Sie uns, wenn eine Veröffentlichung ausgehend von Ihrem Seminar entsteht. Derartige Veröffentlichungen werden von uns in der Rubrik Dagstuhl's Impact separat aufgelistet  und im Erdgeschoss der Bibliothek präsentiert.


Es besteht weiterhin die Möglichkeit, eine umfassende Kollektion begutachteter Arbeiten in der Reihe Dagstuhl Follow-Ups zu publizieren.