DIAC - Directions in Authenticated Ciphers July 05 & 06, 2012 Stockholm, Sweden Call for contributions: ECRYPT's virtual labs SymLab and VAMPIRE organize DIAC - Directions in Authenticated Ciphers. Users, starting with a shared secret key, need to protect messages against espionage _and_ against forgery. Dissatisfaction with the security and performance of current approaches has led to calls for a new competition for authenticated ciphers. The purpose of this workshop is to evaluate the state of the art in authenticated encryption and gather community input regarding desired future directions. We hope that the DIAC workshop will shape a future competition in the same way that SASC 2004 and the ECRYPT Hash Workshop 2007 shaped the ECRYPT Stream Cipher Project and the SHA-3 competition. o DIAC asks for submissions on the following topics: - Components and combinations * block ciphers * dedicated stream ciphers * stream ciphers based on block ciphers * dedicated hash functions, sponges, etc. * hash functions based on block ciphers * dedicated MACs * MACs based on hash functions * MACs based on block ciphers * authenticated encryption based on any of the above * dedicated ciphers with built-in authentication - Attacks * cryptanalysis of symmetric systems * side-channel attacks on symmetric systems * real-world costs of attacks - Implementations * APIs * software * FPGAs * ASICs * comparisons - Requirements * quantitative security: e.g., is 80 bits enough? * qualitative security: e.g., MAC vs. PRF, INT-PTXT vs. INT-CTXT * robustness: e.g., security under nonce reuse, security against idiots * side-channel resistance * handling of limited randomness * safety of using a key for many messages: 2^32? 2^64? * key agility * throughput in software, FPGA, ASIC * parallelizability, incrementality, etc. * ASIC area budgets, FPGA slice budgets, etc. * power limits, energy limits, etc. * bandwidth: short plaintexts, ciphertexts, authenticators * flexibility: e.g., variable authenticator lengths * convenience: e.g., one-pass, intermediate tags * use cases o Deadlines May 07, 2012: submission of papers June 04, 2012: notification June 18, 2012: resubmission deadline July 05 - 06, 2012: DIAC workshop Each submission should start with a title, a list of the authors together with their affiliations and a short abstract describing the content of the paper. This should be followed by either a full paper or an extended abstract of at least 1 page. We also encourage submissions of panel proposals, white papers, lists of desiderata, etc. Authors of each submission must guarantee that they will present the submission at the workshop if it is accepted. Submission procedures will be available on the web page soon. o Program Committee (members confirmed so far): * Daniel J. Bernstein (University of Illinois at Chicago, USA) * Carlos Cid (Royal Holloway, University of London, UK) * Tetsu Iwata (Nagoya University, Japan) * Thomas Johansson (Lund University, Sweden) * Tanja Lange (Technical University of Eindhoven, The Netherlands) * Stefan Lucks (University of Mannheim, Germany) * Kaisa Nyberg (Aalto University, Finnland) * Elisabeth Oswald (University of Bristol, UK) * Bart Preneel (Katholieke Universiteit Leuven, Belgium) * Vincent Rijmen (Katholieke Universiteit Leuven, Belgium) * Phillip Rogaway (University of California, Davis, USA) * Martijn Stam (University of Bristol, UK) * Francois-Xavier Standaert (Universite catholique de Louvain, Belgium) * Ingrid Verbauwhede (Katholieke Universiteit Leuven, Belgium) o Acknowledgments The list of topics above draws on discussions at the January 2012 Dagstuhl workshop on Symmetric Cryptography. We gratefully acknowledge suggestions from Jean-Philippe Aumasson, Eli Biham, Joan Daemen, Orr Dunkelman, Lars Knudsen, Bart Preneel, and Greg Rose.