Center for Scientific Workshops in All Disciplines

Current Workshop | Overview | Back | Home | Search | | ||||||||||

## Flexible Symmetric Cryptography |

For more than thirty years, block ciphers have been the workhorses for
most applications of symmetric cryptography. Given two inputs (key and
plaintext) a block cipher encryption generates one output (the ciphertext). Whenever a complex cryptosystem has been
designed, based on a primitive, the primitive was often a block cipher. Yet,
those days are over, and there are two new alternatives: cryptographic
permutations and tweakable block ciphers. A cryptographic permutation is a block cipher without a key schedule.
This minimalistic approach works very well for the design of hash functions,
such as SHA-3, the first hash function standard based on a cryptographic
permutation instead of a block cipher. The use of permutations also gained in
popularity for encryption and/or authentication after adapting the so-called
sponge construction to keyed modes. In the ongoing CAESAR competition for the
development of a portfolio of authenticated encryption schemes, a significant
amount of submissions is based on different variants of the duplex construction,
the sponge's sibling. Tweakable block ciphers are block ciphers with an additional third input
for the "tweak", giving the mode designer a more flexible tool than
an ordinary block cipher. No less than one third of the 51 initial CAESAR
submissions use tweakable block ciphers, either implicitly or explicitly, and
either as dedicated or generic design. Tweakable block cipher based modes have
achieved speed-ups in authenticated encryption of a factor almost 2 over existing
block-cipher-based schemes. The incentive of the workshop is to improve and intensify the design and
analysis, both generically and specifically, of the symmetric key cryptographic
primitives and modes of the future, and therewith to contribute to a speed-up
of adoption. We particularly target to flexibilize
symmetric cryptography towards its edge fields, including quantum cryptography,
fully homomorphic encryption, lightweight encryption, and side-channel
security. [Back] |