Online Seminar
GAPS
About

Online GAPS continues the GAPS 2025 workshop, as a regular online seminar. It provides a platform for researchers interested in provable security for symmetric-key cryptography. Topics include proof techniques, security notions, and generic attacks; related topics such as cryptanalysis and mathematical foundations are also welcome.

Schedule
Upcoming talk
Improved Bounds and New Schemes for Nonce-Length Extension
Viet Tung Hoang (Florida State University)
Wednesday, June 10, 2026 at 15:00 UTC

In distributed systems, it’s common to use random nonces for authenticated encryption to avoid synchronization. Unfortunately, the national standard GCM has a relatively short nonce length (96 bits), resulting in poor security. Moreover, cloud systems now have to deal with an exponential growth of data, leading to frequent key rotation of GCM. Both NIST and the industry have been calling for a solution to these issues. Ideally, such a solution should retain the speed of GCM, as using a slower encryption scheme would cost cloud servers millions of dollars per year, which is highly undesirable. In this talk, we consider two different approaches to address this problem.

1) Nonce-length extension transform: given a long (say 192-bit) nonce N and a key K, derive a 96-bit sub-nonce and a subkey, and then run GCM with the latter. We first revisit a particular nonce-length extension method called NX that is used in DNDK-GCM and XAES-256-GCM. We substantially improve its security guarantees by giving good (tight) bounds for both random-nonce and any-nonce security. We go on to give an even better transform that we call RtX. Both NX and RtX provide 96-bit security under the random-nonce setting.

2) Finally, towards longer-term mitigation, we give a new scheme GCX that provides optimal 128-bit security with a 192-bit nonce at the speed of GCM. Our scheme GCX is very simple, and uses standard components (AES and GHASH), making it easy to implement and adopt for standardization. Unlike prior work that assumes message length is short, GCX can handle messages up to 2^{58} bytes.

Calendar of Talks

Please note that all times are given in UTC. You may consider adding the calendar (or a specific event) to your Google account; in that case, the times in your calendar will be adjusted to your time zone setting.

Instructions

The seminars take place on Zoom, and recordings of the presentations may be uploaded to YouTube.

For audience
Joining live session:
  1. If you wish to join the live session, please request access using the following form. You may also consider joining the Google group. In either case, please indicate your name and affiliation when requesting access.
  2. The Zoom meeting link and instructions will be posted on the Google group, or sent by email on request, a few hours before the session.
  3. Please join at least 5 minutes ahead of the scheduled start.
  4. Please mute your microphone during the talk, unless you want to ask a question.
  5. We strongly encourage questions. You may unmute and ask the question directly, or write it in the built-in chat and the moderator will inform the speaker.
  6. All talks and up to 15 minutes of Q&A will be recorded. An unrecorded Q&A may follow directly after that.
Watching the recorded talks:
  1. We will post all talks to the YouTube channel, if the speaker agrees.
  2. A Google group conversation thread might also be available (for up to 15 days) for offline discussions with the speaker, if they consent.
For speakers
  • One of the goals of this online seminar is to make research on symmetric-key cryptography more widely accessible, so by default we will share the talk recordings on YouTube. Please let us know in advance if you DO NOT want your presentation to be recorded. If your presentation is recorded, please ensure that it does not include any copyrighted material.
  • Talks are expected to last approximately 1h. The format is flexible, but talks should be accessible to a broad audience.
  • Try to join about 10-15 minutes before your session to make sure your setup is working smoothly.
Contact
The online GAPS seminar is organised by:

  • Ritam Bhaumik
  • Wonseok Choi
  • Avijit Dutta
  • Ashwin Jha
  • Mustafa Khairallah
  • Charlotte Lefevre
  • Yaobin Shen

You may contact them at onlinegaps@gmail.com to suggest talks, or to join the Google group. Please note that talk slots are limited, so we may not be able to accommodate every suggestion.