Workshop on Symmetric Cryptanalysis

8-10 August 2011 at Microsoft Research Redmond

Symmetric cryptanalysis investigates weaknesses of symmetric key primitives: block and stream ciphers, hash functions, MACs. Symmetric primitives are the building blocks for encryption, authentication, and data integrity solutions. A single attack on a popular cipher or hash function poses a threat to numerous protocols and security systems around the world.

This workshop will bring together researchers in cryptanalysis to provide a forum for discussions about various cryptanalytic techniques.


A (non-exhaustive) list of topics of interest includes attacks on block and stream ciphers, hash functions, MACs; analysis of design frameworks (ARX, sponges, SPNs, etc.); cryptanalytic techniques (differential and linear attacks, algebraic attacks, meet-in-the-middle attacks, rebound attacks, and their variations).


We plan to have 1 day of talks followed by 1.5 days of work in groups. For the latter we plan to announce a list of topics (e.g., analysis of a SHA-3 candidate, cryptanalysis of ARX, etc.) so that people work in groups (6-8 persons) on a particular topic. Each day will be followed by a short presentation session where groups will report on their results. Attending only the first part is also possible.

Invited speakers

We have four invited speakers for the workshop:

  • Adi Shamir (Weizmann University, Israel);
  • Yu Sasaki (NTT Corporation, Japan);
  • Florian Mendel (IAIK TU Graz, Austria);
  • Thomas Peyrin (NTU, Singapore).


Day 1 (8 August 2011); Building 99 Room 1919C

 8:45 Breakfast (in front of 1919C)

10:00 Invited talk. Thomas Peyrin, "Unaligned Rebound Attack for KECCAK"

11:00 Invited talk. Yu Sasaki, "Toward Extending Integral Based Known-Key Distinguisher on AES"

12:00 Lunch

13:00 Invited talk. Adi Shamir, "Minimalism in Cryptography"

14:00 Invited talk. Florian Mendel, "Update on SHA-2"

15:00 Coffee break

15:30 Orr Dunkelman, "Rethinking IDEA"

16:00 Andrey Bogdanov, "Zero Correlation Linear Cryptanalysis"

16:30 Markku-Juhani Saarinen, "HBX256 -- Encryption, Authentication and a Hash"

17:00 Break

17:15 Simon Knellwolf, "Conditional Differential Cryptanalysis of Trivium and KATAN"

17:45 Discussion on brainstorming topics.


Day 2 (9 August 2011); Building 99 Rooms 1919A/B/C

8:45 Breakfast

10:00 Work in groups (1919 A/B/C)

12:30 Lunch

13:30 Work in groups

15:30 Coffee break

16:00 Work in groups

18:00 Gathering and discussion

18:30 Excursion


Day 3 (10 August 2011); Building 99 Rooms 1919A/B/C

8:45 Breakfast

9:30 Work in groups

12:30 End

Talk submission

We encourage attendees to give a short talk on their recent work. Since the number of time slots might be limited, priority will be given to as yet unpublished results.


The workshop will be held in Redmond, Washington, in Microsoft building 99, room 1919. Please refer to the MSR Visit page for further details and parking instructions.


The workshop is open to all; however, space is limited, and we need an accurate count of those attending. If you are interested in attending, please email Dmitry Khovratovich. There will be no registration fee.


Those who need a visa to visit the US are advised to read the CRYPTO 2011 Visa Page. Invitation letters may be provided on request.