Search the Dagstuhl Website
Looking for information on the websites of the individual seminars? - Then please:
Not found what you are looking for? - Some of our services have separate websites, each with its own search option. Please check the following list:
Schloss Dagstuhl - LZI - Logo
Schloss Dagstuhl Services
Within this website:
External resources:
  • DOOR (for registering your stay at Dagstuhl)
  • DOSA (for proposing future Dagstuhl Seminars or Dagstuhl Perspectives Workshops)
Within this website:
External resources:
Within this website:
External resources:
  • the dblp Computer Science Bibliography

Dagstuhl Seminar 24041

Symmetric Cryptography

( Jan 21 – Jan 26, 2024 )

(Click in the middle of the image to enlarge)

Please use the following short url to reference this page:



Shared Documents



IT Security plays an increasingly crucial role in our everyday life and business. Virtually all modern security solutions are based on cryptographic primitives. Symmetric cryptography deals with the case where both the sender and the receiver of a message are using the same key. Due to their good performance, symmetric cryptosystems are the main workhorses of cryptography and are highly relevant not only for academia, but also for industrial activities. For this Dagstuhl Seminar we plan to focus on several topics, which we believe to be of great importance for the research community and, likewise, to have a positive impact on industry and the deployment of secure crypto in the future.

Follow Up on Main Results from Last Dagstuhl Seminar. At the last Dagstuhl Seminar on symmetric cryptography in 2022, the participants were divided into six groups in order to discuss research topics proposed by each participant. The discussions were very productive and there were and will be publications from several groups. We believe that the discussions and results from these 2022 work groups reflect the main interests of the community and are useful topics to continue to discuss at the Dagstuhl Seminar in 2024. Our plan is to ask participants at the 2024 Dagstuhl Seminar that also participated in the work groups in 2022 to present their finished results. We additionally expect this to lead to further discussions and, without a doubt, to new research ideas.

Evaluation of NIST's Lightweight Recommendations. The US National Institute of Standards and Technology (NIST) acknowledged in 2013 the real-world importance of lightweight cryptography and announced an initiative for standardization. They have been running a public competition since 2018 to determine a standard technology for lightweight cryptography (NIST LWC). At the time of the Dagstuhl Seminar in 2024, NIST will have determined the winner(s) of the competition, and it is expected that the standardized algorithms are implemented in many environments. In such cases, besides the theoretical security of cryptographic algorithms, it is necessary to consider practical security such as nonce-misuse resistance, reuse of unverified plaintext, leakage resilience, and so on. In the Dagstuhl Seminar in 2024, we will focus on these issues, as well as continue to challenge their security through cryptanalysis.

Design and Analysis of Symmetric Crypto for New Applications. Recently, the design of symmetric-key primitives has started to focus on different types of optimization. Those optimizations could be with respect to performance and with respect to special security requirements. Stated differently, one first considers a target application (such as multi-party computation or non-interactive zero-knowledge proofs), and only then designs symmetric-key primitives for this purpose. This causes a paradigm shift in design criteria. In this seminar, we will explore the security of recently introduced ciphers that were designed specifically for such target applications, and develop novel ciphers with improved security arguments and guarantees.

Generic Analysis of Emerging Modes. Permutation-based cryptography has gained astounding popularity in the last decade, and security proofs are performed in the ideal permutation model. A similar phenomenon is visible in various ideal cipher-based constructions that have appeared recently. In this seminar, we want to explore how results with different models (such as a standard model and an ideal model) compare from a theoretical perspective, and we want to investigate what cryptanalytical results on certain primitives mean for the targeted construction.

Seminar Structure. We plan to organize research groups before the commencement of the actual seminar in January 2024 to make the seminar itself more productive. We expect the colleagues that will join the seminar to be fully committed to proposing topics for the research groups and to participating in them. We plan to have a first day of invited talks related to these selected research topics. We will also schedule talks spread over the remaining days to get the opportunity to catch up with what the other researchers are working on.

Copyright Christof Beierle, Bart Mennink, Maria Naya-Plasencia, and Yu Sasaki


Related Seminars
  • Dagstuhl Seminar 07021: Symmetric Cryptography (2007-01-07 - 2007-01-12) (Details)
  • Dagstuhl Seminar 09031: Symmetric Cryptography (2009-01-11 - 2009-01-16) (Details)
  • Dagstuhl Seminar 12031: Symmetric Cryptography (2012-01-15 - 2012-01-20) (Details)
  • Dagstuhl Seminar 14021: Symmetric Cryptography (2014-01-05 - 2014-01-10) (Details)
  • Dagstuhl Seminar 16021: Symmetric Cryptography (2016-01-10 - 2016-01-15) (Details)
  • Dagstuhl Seminar 18021: Symmetric Cryptography (2018-01-07 - 2018-01-12) (Details)
  • Dagstuhl Seminar 20041: Symmetric Cryptography (2020-01-19 - 2020-01-24) (Details)
  • Dagstuhl Seminar 22141: Symmetric Cryptography (2022-04-03 - 2022-04-08) (Details)
  • Dagstuhl Seminar 26061: Symmetric Cryptography (2026-02-01 - 2026-02-06) (Details)

  • Cryptography and Security

  • symmetric cryptography
  • (quantum) cryptanalysis
  • provable security