The National Institute of Standards and Technology has revealed plans to develop three general-purpose cryptographic accordions.
The agency said Friday it specifically aims to develop variants of the Hash-Encrypt-Hash, or HCTR2, technique for the following accordions:
- Acc128 to support typical usage or birthday bounds with the Advanced Encryption Standard, or AES
- Acc256 to support typical usage with a 256-bit block cipher, possibly Rijndael-256
- BBBAcc to support extended usage or beyond-birthday-bound with AES
What Is a Cryptographic Accordion?
A cryptographic accordion is a tweakable, variable-input-length strong pseudorandom permutation, or VIL-SPRIP, derived from an underlying block cipher. It functions as both a mode of the underlying block cipher and a tweakable block cipher for various input lengths.
A derived function serves as an input encoding that enables particular functionalities within an accordion, including authenticated encryption with associated data, or AEAD, tweakable encryption for storage applications, or deterministic authenticated encryption for key wrapping. These efficient accordions support enhanced security beyond existing approved modes.
NIST established a standardized series of block cipher modes of operation within the Special Publication 800-38 series and NIST Internal Report 8459 details their limitations.
The agency hosted two workshops to determine potential enhancements and establish a consensus on developing one or more cryptographic accordions. Through the workshops, NIST identified the need for a cryptographic accordion. It proposed using the HCTR2 technique as the basis for the accordion, citing its maturity and widespread deployment.
NIST requested public comments on the initiative and will receive responses until August 6.
