NESSIE - Preliminary Call for Cryptographic Primitives

Version 2.1 March 1, 2000 [Extract]


NESSIE (New European Schemes for Signature, Integrity, and Encryption) is a project within the Information Societies Technology (IST) Programme of the European Commission. The participants of the project are:
Participant name Country
Katholieke Universiteit Leuven Belgium
École Normale Supérieure France
Fondazione Ugo Bordoni Italy
Royal Holloway, University of London U.K.
Siemens Aktiengesellschaft Germany
Technion - Israel Institute of Technology Israel
Université Catholique de Louvain Belgium
Universitetet i Bergen Norway

NESSIE is a 3-year project, which started on January 1 st 2000. Further information about NESSIE is available at .

The main objective of the project is to put forward a portfolio of strong cryptographic primitives for a number of different platforms.  These primitives will be obtained after an open call and evaluated using a transparent and open process. They should be the building blocks of the future standard protocols for the information society.

The deadline for the submission of primitives will be September 29 th 2000 . A workshop will be organised for submitters to present their primitives.


In the information society, cryptology has become a key enabling technology to provide secure electronic commerce and electronic business, secure communications, secure payments, and the protection of the privacy of the citizen. Cryptology is a field that evolves quickly, and society needs robust primitives that provide long term security (15 to 20 years or more), rather than ad hoc solutions that need to be frequently replaced. With the current state of the art in cryptology, it is not possible to have provably secure solutions, although there is a trend to prove more and more security properties of primitives. However, for use in real applications, sufficient confidence in a primitive can only be achieved when primitives have been subjected to an open and independent evaluation for a sufficient amount of time.

The procedure of an open call followed by an evaluation process has been previously used in the selection process for the DES, the RIPE project, and the AES. The scope of this call for primitives is wider than the NIST call for AES. The Information Society needs other cryptographic primitives than just block ciphers. Thus the NESSIE call seeks cryptographic primitives in many areas, such as:

Furthermore, there is a wide range of environments in which cryptographic primitives are used.  Thus the NESSIE project will consider primitives designed for use in specific environments (though flexibility is clearly desirable).  The NESSIE call also asks for testing methodologies of these primitives.

The results of this call will then be subjected to a thorough and open evaluation process. In addition to the responses to the call, the project will also consider a selection from existing standards containing such primitives. The main selection criteria will be long-term security, market requirements, efficiency (performance), and flexibility.

It is also a goal of the project to disseminate widely the results of the project, and to build a consensus based on these results. In order to achieve this, an Industry Group has been established. The Industry Group consists of about twenty leading European companies in this area and will be consulted on a regular basis throughout the project. It is expected that the Industry Group will provide input concerning the nature of the final call (requirements and definitions for primitives), the relevance of the selection criteria, and the standardisation strategy. An important part of the dissemination will be the introduction of these primitives into standardisation bodies (ISO, ISO/IEC, CEN, IEEE, IETF), based in part on the consensus achieved within the project. It is anticipated that the results of the project will also be published in scientific publications.


The NESSIE project is seeking the following types of strong cryptographic primitives:
  1. Block ciphers
  2. Synchronous stream ciphers
  3. Self-synchronising stream ciphers
  4. Message Authentication Codes (MACs)
  5. Collision-resistant hash functions
  6. Families of pseudo-random functions
  7. Asymmetric encryption schemes
  8. Digital signature schemes
  9. Asymmetric identification schemes
Definitions are as given in the Handbook of Applied Cryptography (ISBN: 0-8493-8523-7).

Detailed Security Requirements, Formal Requirements, and Evaluation Criteria are available from

Further Information

Email: . Website: .

FSE 2000 Call for Participation

From: Beth Friedman (

              10-12 April 2000, New York, New York, USA

                     CALL FOR PARTICIPATION

Fast Software Encryption is an annual workshop on cryptography. The first 
Fast Software Encryption workshop was held in Cambridge in 1993, followed 
by Leuven in 1994, Cambridge in 1996, Haifa in 1997, Paris in 1998, and 
Rome in 1999. The workshop concentrates on all aspects of traditional 
cryptographic algorithms, including the design and analysis of block 
ciphers, stream ciphers, and hash functions. The seventh Fast Software 
Encryption workshop, FSE 2000, will be held from 10-12 April 2000, in New 
York City, New York, USA.

This is the first time FSE will be in the United States, North America, the 
New World, and West of GMT. The conference will take place at the Hilton 
New York and Towers. It will be in conjunction with the Third AES Candidate 
Conference (same location, 13-14 April 2000). We expect that most people 
will attend both FSE and AES.


There will be one track of presentations, running all day Monday and 
Tuesday, and Wednesday morning.


Ciphertext Only Reconstruction of Stream Ciphers based on Combination
Anne Canteaut and Eric Filiol

Real Time Cryptanalysis of A5/1 on a PC
Alex Biryukov, Adi Shamir, and David Wagner

Efficient Methods for Generating MARS-like S-boxes
L. Burnett, G. Carter, E. Dawson, and W. Millan

Statistical Analysis of the Alleged RC4 Keystream Generator
Scott R. Fluhrer and David A. McGrew

On the Interpolation Attacks on Block Ciphers
A.M. Youssef and G. Gong

The Software-Oriented Stream Cipher SSC2
Muxiang Zhang, Christopher Carroll, Agnes H. Chan

Stochastic Cryptanalysis of Crypton
Marine Minier, Henri Gilbert

On the Pseudorandomness of AES Finalists --- RC6, Serpent, MARS and
Tetsu Iwata and Kaoru Kurosawa

Correlations in RC6
Lars R. Knudsen and Willi Meier

Linear Cryptanalysis of Reduced-Round Versions of the SAFER Block
Cipher Family
Jorge Nakahara Jr., Bart Preneel, and Joos Vandewalle

A Low-Complexity and High-Performance Algorithm for the Fast
Correlation Attack
Miodrag J. Mihaljevic, Marc P.C. Fossorier, and Hideki Imai

A Chosen-Plaintext Linear Attack on DES
Lars R. Knudsen and John Erik Mathiassen

Bitslice Ciphers and Power Analysis Attacks
Joan Daemen, Michael Peeters, and Gilles Van Assche

Securing the AES Finalists Against Power Analysis Attacks
Thomas S. Messerges

Provable Security against Differential and Linear Cryptanalysis for
the SPN Structure
Seokhie Hong, Sangjin Lee, Jongin Lim, Jaechul Sung, and Donghyeon

A Simple Algorithm for Fast Correlation Attacks on Stream Ciphers
Thomas Johnasson

Unforgeable Encryption and Adaptively Secure Modes of Operation
Jonathan Katz and Moti Yung

Mercy: A Fast Large Block Cipher for Disk Sector Encryption
Paul Crowley

Improved Cryptanalysis of Rijndael
Niels Ferguson, John Kelsey, Bruce Schneier, Mike Stay, David Wagner,
and Doug Whiting

A Statistical Attack on RC6
Henri Gilbert, Helena Handschuh, Antoine Joux, and Serge Vaudenay


Because New York is an expensive conference location, a significant amount 
of money is reserved for student scholarships. There is no registration 
charge for students who have a paper accepted to the conference. Additional 
funds are available -- for students who have an accepted paper and those 
who do not -- to help defray travel and hotel costs. Students are urged to 
contact the conference chair as soon as possible and request scholarship 


FSE 2000 will be held at:

Hilton New York and Towers
1335 Avenue of the Americas
New York, New York 10019
Tel: +1 212 586-7000
Fax: +1 212 315-1374

The room rate for both FSE and AES is $242 per night, single or double. 
When you make reservations, be sure to mention that you are with the FSE 
conference in order to get the conference rate. (This is important. In the 
U.S., hotels give away function space in exchange for a guarantee of room 
nights. We have a room block that we have to make, otherwise we will be 
charged significantly more for the conference room. Please stay at the 
conference hotel if at all possible. And please make sure to state that you 
are with the FSE conference, otherwise we will not receive "credit" for 
your room nights.)

In the U.S. and Canada, call toll-free for reservations at 1-800-774-1500. 
Outside the U.S. and Canada, a list of toll-free numbers is available 
online at .

We also have a limited number of rooms at a lower rate at another hotel 
less than ten blocks away, which are intended primarily for student 
housing. Inquire at for further information.


FSE 2000 is made possible by the generous sponsorships of Hi/fn, IBM, RSA, 
Syndata, and USENIX.


Bruce Schneier (Chair, Counterpane)
Ross Anderson (Cambridge)
Eli Biham (Technion)
Don Coppersmith (IBM)
Cunsheng Ding (Singapore)
Dieter Gollmann (Microsoft)
Lars Knudsen (Bergen)
James Massey (Lund)
Mitsuru Matsui (Mitsubishi)
Bart Preneel (K.U.Leuven)
Serge Vaudenay (EPFL)


Bruce Schneier
Beth Friedman
phone: +1-612-721-8800
fax: +1-612-721-8800

New Reports in the Theory of Cryptography Library

The library is currently located at .
LIST OF NEW PAPERS (Nov. 1999 -- Feb. 2000)

99-22: R. Canetti, O. Goldreich, S. Goldwasser and S. Micali,
     Resettable Zero-Knowledge , October 1999.

99-23: C. Dwork, M. Naor and A. Sahai, Concurrent Zero-Knowledge ,
     November 1999.

99-24: M. Bellare and R. Impagliazzo, A tool for obtaining tighter
     security analyses of pseudorandom function based constructions, with
     applications to PRP -> PRF conversion , December 1999.

00-01: O. Goldreich, On Security Preserving Reductions -- Revised
     Terminology, January 2000.

00-02: M. Abdalla and L. Reyzin, A New Forward-Secure Digital Signature
     Scheme , February 2000.

00-03: M. Fischlin, Implications of the Nontriviality of Entropy
     Approximation , February 2000.

00-04: J. Staddon, D. Stinson and R. Wei, Combinatorial properties of
     frameproof and traceability codes , February 2000.

[ IACR home page | IACR Newsletter page and archive | This issue ] © IACR