In September 2017, this (legacy) site will be replaced with the new site you can see at beta.csrc.nist.rip. At that time, links to this legacy site will be automatically redirected to apporpriate links on the new site.

View the beta site
NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage

Public Comments

Comments on the Draft Specification of FPE Modes

On July 8, 2013, NIST announced a period of public comment, ending September 3, 2013, on Draft Special Publication 800-38G, which specifies three modes of the AES block cipher for format preserving encryption. The comments that NIST received are posted here.

In subsequent analysis, NIST explains that one of the FPE modes in the draft, FF2, does not provide the expected 128 bits of security for some use cases

Comments on the Draft Specification of Key Wrapping Methods

On August 2011, NIST announced a period of public comments on the draft NIST Special Publication 800-38F: Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping. The public comments that NIST received in response to this request are collected here.

Comments on the Proposal to Approve EAX'

On June 21, 2011, NIST announced a period of public comment, ending July 22, 2011, on a proposal to approve the EAX´ mode of operation. Comments are provided in two files. The first is an updated report from Toshiba. The second is a collection of all the other comments. Subsequently, Tetsu Iwata and Kazuhiko Minematsu provided public comments that reference their paper with HIraku Morita and Stefan Lucks, Cryptanalysis of EAX’ on the IACR eprint archive.

Comments on the Proposal to Approve FFX

On June 9, 2011, NIST announced a period of public comment on a proposal to approve two schemes of the FFX framework for format preserving encryption: FFX[radix] and VAES3. The public comments that NIST received in response to this request are collected here.

Comments on the Proposal to Approve XTS-AES

In Request for Public Comments on XTS, NIST requested public comments on the proposal to approve the XTS-AES confidentiality mode by reference to IEEE Stnd. 1619-2007. The comment period ended September 3, 2008. The following are links to documents that NIST received from the indicated commenter:

Other public comments that were submitted within email messages are collected here.

Matthew Ball provided follow-up comments to the public comments on XTS-AES.

The public comments on the draft NIST Special Publication 800-38E, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality in Block-Oriented Storage Devices are collected here.

Comments on The Draft GCM Specification

The following public comments were submitted on the second (July 2007) draft NIST SP 800-38D: Recomendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC :

Commenter

The following paper was submitted as a public comment on the first (April 2006) draft NIST SP 800-38D: Recomendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM):

Authentication Failures in NIST version of GCM - Antoine Joux

Other comments that NIST received on the draft are available in PDF here.

Comments on the Choice Between CWC or GCM

NIST requested public comments on its intention to recommend either the CWC mode or the GCM mode. Links to PDF files of papers that were submitted are given in the following table:

Other public comments on the draft are available in PDF here. The comment period ended June 1, 2005.

Comments on the Draft CMAC Specification

The public comments on the draft NIST Special Publication 800-38B, Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication are collected here.

Comments on the Draft CCM Specification

Links to PDF files of papers that were submitted as public comments on the draft NIST Special Publication 800-38C, Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality are given in the table below:

Other public comments on the draft, submitted within email messages, are available in PDF here.

Another document briefly describes NIST's responses to the most significant public comments.

Comments on Draft RMAC Specification

Links to PDF files of papers that were submitted as public comments on the early draft of NIST Special Publication 800-38B, Recommendation for Block Cipher Modes of Operation: The RMAC Authentication Mode are given in the table below. NIST subsequently decided to replace RMAC with CMAC.

Other public comments on the draft, submitted within email messages, are available in PDF here.

General Public Comments on Modes

The general public comments on modes of operation that were submitted within email messages are available in two PDF files:

Links to PDF files of the papers on modes of operation that were submitted as public comments are given in the table below:

NIST continues to accept public comments on modes of operation, including comments on:

  • Properties of individual modes (security, performance, etc.)
  • Comparisons of proposed modes
  • Recommendations for standardization
  • Other related issues, such as padding

Comments may be submitted to EncryptionModes@nist.gov.