This website does readability filtering of other pages. All styles, scripts, forms and ads are stripped. If you want your website excluded or have other feedback, use this form.

NIST.gov - Computer Security Division - Computer Security Resource Center

success fail Jul SEP Oct 04 2016 2017 2018 128 captures 01 Jan 2008 - 30 Nov 2017 About this capture COLLECTED BY Organization: Internet Archive These crawls are part of an effort to archive pages as they are created and archive the pages that they refer to. That way, as the pages that are referenced are changed or taken from the web, a link to the version that was live when the page was written will be preserved.

Then the Internet Archive hopes that references to these archived pages will be put in place of a link that would be otherwise be broken, or a companion link to allow people to see what was originally intended by a page's authors.

The goal is to fix all broken links on the web. Crawls of supported "No More 404" sites. Collection: Wikipedia Near Real Time (from IRC) This is a collection of web page captures from links added to, or changed on, Wikipedia pages. The idea is to bring a reliability to Wikipedia outlinks so that if the pages referenced by Wikipedia articles are changed, or go away, a reader can permanently find what was originally referred to.

This is part of the Internet Archive's attempt to rid the web of broken links. TIMESTAMPS

In September 2017, this (legacy) site will be replaced with the new site you can see at beta.csrc.nist.gov. At that time, links to this legacy site will be automatically redirected to apporpriate links on the new site.

View the beta site

NIST, Computer Security Resource Center

Modes Development

Proposed Modes

This page contains links to the proposols for block cipher modes of operation (modes, for short) that have been submitted to NIST for consideration.

NIST maintains this page in order to facilitate public review of the modes; comments may be submitted to [email protected]

Appearance of a mode in this list does not constitute endorsement or approval by NIST. See the Current Modes page for descriptions of the modes that are currently approved.

For each proposal below, links are given to the available documentation, as described in the following list of abbreviations:

Abbreviations for "Available Documentation"

(The links within the key table itself refer to the corresponding section of the submission guidelines)

All documentation is provided on a voluntary basis by the submitters. In particular, if there is no active link to an intellectual property statement, then the submitter has not provided one to NIST.

The modes proposals are organized into the four tables below: Back to Top

Authenticated Encryption Modes

Mode Full Mode Name Available Documentation CCM Counter with CBC-MAC
R. Housley, D. Whiting, N. Ferguson
(Posted June 3, 2002) SP | AD1 | AD2
IP | TV | SU CS Cipher-State
R. Schroeppel
(Posted May 7, 2004) SP | AD | IP
TV | SU CWC Carter Wegman (authentication) with Counter (encryption)
T. Kohno, J. Viega, D. Whiting
(Posted June 9, 2003) SP | AD | IP
TV | SU EAX A Conventional Authenticated-Encryption Mode
M. Bellare, P. Rogaway, D. Wagner
(Posted October 3, 2003)
SP | AD | IP
TV |  SU EAX' EAX' (EAX-prime) Cipher Mode
M. Burns, E. Beroset, A. Moise, T. Phinney SP | AD | IP
TV |  SU GCM Galois/Counter Mode
D. McGrew, J. Viega
(Revised specifcation posted June 2, 2005)
SP | AD1 | AD2
IP | TV | SU IACBC Integrity Aware Cipher Block Chaining
C. Jutla SP | AD | IP
TV | SU IAPM Integrity Aware Parallelizable Mode
C. Jutla SP | AD1 | AD2
AD3 | IP | TV | SU IOC Input and Output Chaining
F. Recacha
(Posted January 16, 2014)

SP | AD | IP
CD | TV | SU

OCB Offset Codebook
P. Rogaway SP | AD | IP
CD | TV | SU PCFB Propagating Cipher Feedback
H. Hellström SP | AD | IP
 TV | SU RKC Random Key Chaining (RKC)
P. Kaushal, R. Sobti, G. Geetha SP | AD | IP
TV | SU SIV Synthetic IV
P. Rogaway, T. Shrimpton
(Posted September 11, 2007) SP | AD | IP
TV1 | TV2 | SU XCBC eXtended Cipher Block Chaining Encryption
V. Gligor, P. Donescu SP | AD | IP
TV | SU Back to Top

Authentication Modes

Mode Full Mode Name Available Documentation OMAC OMAC: One-Key CBC
T. Iwata, K. Kurosawa
(Posted December 20, 2002) SP | AD | IP
TV | SU PMAC Parallelizable Message Authentication Code
P. Rogaway SP | AD | IP
CD | TV | SU RMAC Randomized MAC
E. Jaulmes, A. Joux, F. Valette SP | AD | IP
TV | SU TMAC Two-Key CBC MAC
K. Kurosawa, T. Iwata
(Posted July 9, 2002) SP | AD | IP
TV | SU XCBC
(MAC) Extended Cipher Block Chaining MAC
J. Black, P. Rogaway SP | AD | IP
TV | SU XECB
(MAC) eXtended Electronic Code Book MAC
V. Gligor, P. Donescu SP | AD | IP
TV | SU Back to Top

Encryption Modes

Mode Full Mode Name Available Documentation 2DEM 2D-Encryption Mode
A. A. Belal, M. A. Abdel-Gawad SP | AD | IP
CD | TV | SU ABC Accumulated Block Chaining
L. Knudsen SP | AD | IP
TV | SU BPS Format Preserving Encryption Proposal
E. Brier, T. Peyrin, J. Stern SP | AD | IP
TV | SU CSPEM Character Set Preserving Encryption Mode
Gary S. Sarasin SP | AD | IP
TV | SU CTR Counter Mode Encryption
H. Lipmaa, P. Rogaway, D. Wagner SP | AD | IP
TV | SU DFF Delegatable Feistel-based Format-preserving Encryption Mode
J. Vance, M. Bellare
(Posted on Nov. 9, 2015 as replacement for VAES3 proposal)
SP | AD | IP1
IP2 | TV | SU FCEM Format Controlling Encryption Mode
U. Mattsson
(Posted Jun 30, 2009) SP | AD | IP
TV | SU FFX Format-preserving Feistel-based Encryption Mode
M. Bellare, P. Rogaway, T. Spies
(April 12, 2010: Version 1.1 replacing Version 1.0) SP | SP2 | AD
IP | TV | SU IGE Infinite Garble Extension
V. Gligor, P. Donescu SP | AD | IP
TV | SU RAC Random Access Counter
J. Anderson
(Posted May 15, 2015) SP | AD | IP
CD | TV | SU VFPE VISA Format Preserving Encryption
VISA USA Inc., Attention John Sheets or Kim R. Wagner SP | AD | IP
TV | SU XBC Cross Block Chaining (XBC)
Andre Watson
(Posted Oct 16, 2014)
(Added link to code Jan 18, 2017) SP | AD | IP
CD | TV | SU Back to Top

Other Modes

Mode Full Mode Name Available Documentation *AES-
hash

(Hash) AES-hash
B. Cohen SP |  AD |  IP
TV | SU KFB Key Feedback Mode
J. Håstad, M. Naslund SP |  AD |  IP
TV | SU

* AES-hash as defined in the submission will not be adopted in the current development effort because it requires the Rijndael algorithm with a block size of 256 bits, not 128 bits (as specified in the AES). Rijndael has not been vetted with a block size other than 128 bits. Nevertheless, NIST will consider comments on this proposal and on the issues it raises: whether to develop a hash mode, and whether and how to develop/vet additional variants of the AES.

CSRC Webmaster, Disclaimer Notice & Privacy Policy
NIST is an Agency of the U.S. Department of Commerce Last updated: January 19, 2017
Page created: January 25, 2001