Search the Dagstuhl Website
Looking for information on the websites of the individual seminars? - Then please:
Not found what you are looking for? - Some of our services have separate websites, each with its own search option. Please check the following list:
Schloss Dagstuhl - LZI - Logo
Schloss Dagstuhl Services
Within this website:
External resources:
  • DOOR (for registering your stay at Dagstuhl)
  • DOSA (for proposing future Dagstuhl Seminars or Dagstuhl Perspectives Workshops)
Within this website:
External resources:
Within this website:
External resources:
  • the dblp Computer Science Bibliography

Dagstuhl Seminar 14021

Symmetric Cryptography

( Jan 05 – Jan 10, 2014 )

(Click in the middle of the image to enlarge)

Please use the following short url to reference this page:





In recent years, the field of Symmetric Cryptography has greatly advanced.

The cryptanalysis of cryptographic hash functions made a quantum leap in 2004/2005, and in 2012, Keccak was selected as the winner of the SHA-3 competition. “Attacks” on AES (related-key attacks and biclique attacks) were found that tell it apart from an ideal cipher, but they also leave a question of when a mathematical observation on a symmetric primitive represents a real weakness and should be called an “attack”. The rapid development of lightweight cryptography yields a series of innovative designs of symmetric primitives, and these new designs also create opportunities for novel attacks. A new competition, CAESAR (Competition for Authenticated Encryption: Security, Applicability, and Robustness), has been launched, and is now calling for submissions of authenticated encryption schemes.

The aim of the seminar is to bring together leading experts and exceptionally talented junior researchers working in the field of Symmetric Cryptography. Most of the participants are expected to give presentations on their current research. The schedule will ensure ample time for discussions and ad hoc sessions without talks prepared in advance of the seminar. We plan to hold one or two “brainstorming” or “rump” sessions, to discuss unfinished ideas, to present very recent results (perhaps found during the course of the seminar), and to reflect the current state of symmetric cryptography in general. The seminar will concentrate on the design and analysis of

  • symmetric primitives (block and stream ciphers, message authentication codes, and hash functions), as well as
  • complex cryptosystems and cryptographic protocols based on symmetric primitives.

Further, at the discussions during the Dagstuhl Seminar on Symmetric Cryptography in 2012, participants agreed on authenticated encryption becoming a major research topic for Symmetric Cryptography in the next few years, because current authenticated encryption schemes are not always suitable for practical demand. The issues around authenticated encryption schemes will be one of the topics of the seminar.


Symmetric cryptography deals with the case that both the sender and the receiver of a message are using the same key - the setting for symmetric encryption or authentication - as well as the case where there is no key at all - the setting for cryptographic hash functions. This differentiates symmetric cryptography from it asymmetric counterpart, where senders or verifiers use a "public key" and receivers or signers use a corresponding but different "private key." Although asymmetric cryptographic schemes provide in principle more flexibility, but are normally by orders of magnitude less efficient than symmetric cryptographic schemes. Thus, symmetric cryptosystems are the main workhorses of cryptography and highly relevant not only for academia, but also for industrial research, too.

The seminar was the fourth of its kind, the first one took place in 2007, the second in 2009, and the third in 2012. It concentrates on the design and analysis of

  • symmetric primitives (block and stream ciphers, message authentication codes and hash functions), as well as
  • complex cryptosystems and cryptographic protocols based on symmetric primitives.

One major topic was authenticated encryption. As already discussed at January 2012 Dagstuhl Seminar on Symmetric Cryptography, there is a demand for encryption schemes that ensure the confidentiality and integrity of data. This eventually led to an open cryptographic competition named CAESAR (Competition for Authenticated Encryption: Security, Applicability, and Robustness). The goal of CAESAR is to identify a portfolio of authenticated ciphers that offer advantages over standard approaches like AES-GCM and (2) are suitable for widespread adoption. To this end cryptographic algorithm designers are invited to submit proposals of authenticated ciphers to CAESAR. All proposals will be made public for evaluation. As the deadline for first round submissions was in March 2014, i.e., only several weeks after the seminar, several groups were actively working on designing and analyzing new proposals for authenticated encryption schemes. Moreover, there was a discussion session that was mainly devoted to current CAESAR submissions. One result was a better understanding of necessary requirements and the current state of these schemes.

Another major topic was the analyis of Even-Mansour encryption schemes. Such schemes generalize common design approaches by reducing these to the composition of simple, idealized components like random permutations. Other topics focused during the discussion session include random number generation and provable security complex cryptosystems.

Copyright Frederik Armknecht, Helena Handschuh, Tetsu Iwata, and Bart Preneel

  • Martin R. Albrecht (Technical University of Denmark - Lyngby, DK) [dblp]
  • Elena Andreeva (KU Leuven, BE) [dblp]
  • Frederik Armknecht (Universität Mannheim, DE) [dblp]
  • Tomer Ashur (KU Leuven, BE) [dblp]
  • Jean-Philippe Aumasson (Kudelski Security - Cheseaux, CH) [dblp]
  • Steve Babbage (Vodafone Group - Newbury, GB) [dblp]
  • Daniel J. Bernstein (University of Illinois - Chicago, US) [dblp]
  • Eli Biham (Technion - Haifa, IL) [dblp]
  • Alex Biryukov (University of Luxembourg, LU) [dblp]
  • Céline Blondeau (Aalto University, FI) [dblp]
  • Andrey Bogdanov (Technical University of Denmark - Lyngby, DK) [dblp]
  • Carlos Cid (Royal Holloway University of London, GB) [dblp]
  • Joan Daemen (STMicroelectronics - Diegem, BE) [dblp]
  • Itai Dinur (ENS - Paris, FR) [dblp]
  • Orr Dunkelman (University of Haifa, IL) [dblp]
  • Henri Gilbert (ANSSI - Paris, FR) [dblp]
  • Jian Guo (Nanyang TU - Singapore, SG) [dblp]
  • Tetsu Iwata (Nagoya University, JP) [dblp]
  • Pascal Junod (HEIG-VD - Yverdon-les-Bains, CH) [dblp]
  • Dmitry Khovratovich (University of Luxembourg, LU) [dblp]
  • Matthias Krause (Universität Mannheim, DE) [dblp]
  • Tanja Lange (TU Eindhoven, NL) [dblp]
  • Nils Gregor Leander (Ruhr-Universität Bochum, DE) [dblp]
  • Jooyoung Lee (Sejong University - Seoul, KR) [dblp]
  • Gaëtan Leurent (University of Louvain, BE) [dblp]
  • Eik List (Bauhaus-Universität Weimar, DE) [dblp]
  • Stefan Lucks (Bauhaus-Universität Weimar, DE) [dblp]
  • Willi Meier (FH Nordwestschweiz - Windisch, CH) [dblp]
  • Florian Mendel (TU Graz, AT) [dblp]
  • Bart Mennink (KU Leuven, BE) [dblp]
  • Nicky Mouha (KU Leuven, BE) [dblp]
  • Kaisa Nyberg (Aalto University, FI) [dblp]
  • Kenneth G. Paterson (Royal Holloway University of London, GB) [dblp]
  • Thomas Peyrin (Nanyang TU - Singapore, SG) [dblp]
  • Bart Preneel (KU Leuven, BE) [dblp]
  • Christian Rechberger (Technical University of Denmark - Lyngby, DK) [dblp]
  • Greg Rose (Qualcomm Inc. - San Diego, US) [dblp]
  • Yu Sasaki (NTT Labs - Tokyo, JP) [dblp]
  • Francois-Xavier Standaert (University of Louvain, BE) [dblp]
  • John Steinberger (Tsinghua University - Beijing, CN) [dblp]
  • Gilles Van Assche (STMicroelectronics - Diegem, BE) [dblp]
  • Serge Vaudenay (EPFL - Lausanne, CH) [dblp]
  • Vesselin Velichkov (University of Luxembourg, LU) [dblp]
  • Qingju Wang (KU Leuven, BE) [dblp]
  • Jakob Wenzel (Bauhaus-Universität Weimar, DE) [dblp]
  • Kan Yasuda (NTT Labs - Tokyo, JP) [dblp]

Related Seminars
  • Dagstuhl Seminar 07021: Symmetric Cryptography (2007-01-07 - 2007-01-12) (Details)
  • Dagstuhl Seminar 09031: Symmetric Cryptography (2009-01-11 - 2009-01-16) (Details)
  • Dagstuhl Seminar 12031: Symmetric Cryptography (2012-01-15 - 2012-01-20) (Details)
  • Dagstuhl Seminar 16021: Symmetric Cryptography (2016-01-10 - 2016-01-15) (Details)
  • Dagstuhl Seminar 18021: Symmetric Cryptography (2018-01-07 - 2018-01-12) (Details)
  • Dagstuhl Seminar 20041: Symmetric Cryptography (2020-01-19 - 2020-01-24) (Details)
  • Dagstuhl Seminar 22141: Symmetric Cryptography (2022-04-03 - 2022-04-08) (Details)
  • Dagstuhl Seminar 24041: Symmetric Cryptography (2024-01-21 - 2024-01-26) (Details)

  • security / cryptology

  • Authenticity
  • Integrity
  • Privacy
  • Hash Functions
  • Block Ciphers
  • Provable Security
  • Cryptanalysis