• Threshold Schemes for NIST-approved
    Symmetric Block Ciphers in a Single-Device Setting

    7-8-9 July 2020 Online

  • Online Workshop on Threshold Schemes for NIST-approved Symmetric Block Ciphers in a Single-Device Setting

    NIST IR-8214A has identified the secure implementation and deployment of the Advanced Encryption Standard (AES, FIPS 1997) block-cipher for the “single-device” track of threshold cryptography standardization effort. Given the diversity of possible methods, application scenarios, and tradeoffs, NIST is interested in hearing from stake-holders about potential techniques and useful criteria for standardization, including recommendations for incorporating them into the NIST validation programs. While threshold schemes for AES remain our focus area for this workshop, it would also be useful to identify techniques that may have applicability for other emerging standard primitives such as symmetric-cryptography lightweight primitives.

    Deliverable goal: We seek to identify one or more security models (e.g, SCA, FA, SCA+FA) and related security profiles for single device AES threshold implementations to use as the platforms for standardization of schemes. If more than one security model is recommended, it is important to identify how the models stack in terms of security assurances offered. Furthermore, for each candidate security model, there should be identified one or more mechanisms to validate the assumptions for it in order to be able to adopt them in the NIST cryptographic validation programs. We strongly favor models with verifiable/testable assumptions yielding realistic and effective assurances of security of actual implementations.

    List of questions/topics for discussions

    • Which models to focus on?
    • Which security profiles?
    • What “gadgets” to focus on?
    • How to integrate random number generation?
    • What efficiency metrics are relevant in the threshold paradigm (e.g., number of random bits, area, latency, throughput, flexibility, power, energy, …)
    • Which security metrics are relevant?


    You can register via the form below. Registered participants will be informed about the online location of the workshop one week before the event.

    Registration has closed.

    Program (preliminary)

    Please note that the timezone of the program is Central European Time.

    The program can be found here:

    If you have questions, please send an email to svetla.nikova[at]esat.kuleuven.be.


    • Svetla Nikova, KU Leuven
    • Vincent Rijmen, KU Leuven
    • Begül Bilgin, Rambus
    • Amir Moradi, RUB
    • Miroslav Knezevic, NXP
    • Emmanuel Prouff, ANSSI