Decision to Revise NIST SP 800-38A, Recommendation for Block Cipher Modes of Operation: Methods and Techniques
April 28, 2023

In May 2021, NIST's Crypto Publication Review Board initiated a review process for two publications, SP 800-38A and the SP 800-38A Addendum, and received public comments.

In March 2022, the board proposed revising SP 800-38A and converting the SP 800-38A Addendum by merging it into the revised SP 800-38A, and received additional comments on that proposed decision.

NIST has decided to revise SP 800-38A and to convert the SP 800-38A Addendum. The main goals of these actions are to:

  1. limit the approval of the Electronic Codebook (ECB) mode to instances that are specifically allowed by other NIST standards or guidance, such as the challenge-response protocol in Appendix A.1 of SP 800-73-4,
  2. clarify the requirements on the initialization vectors (IVs) and the counter blocks,
  3. provide guidance on the importance of incorporating authentication, where feasible,
  4. incorporate the content of the addendum—three variations of ciphertext stealing for Cipher Block Chaining mode—into the revision of SP 800-38A, and
  5. improve the editorial quality and update the references.

In general, the confidentiality-only modes of SP 800-38A have security vulnerabilities as described in detail in the initial public draft of NIST IR 8459. NIST intends to explore the possibility of approving a tweakable wide encryption technique in order to provide a more secure alternative for encryption applications. Such a technique could also be adapted to provide authenticated encryption with associated data (AEAD) and key wrapping. NIST plans to explore this possibility in some depth at the Third NIST Workshop on Block Cipher Modes of Operation 2023. If a suitable additional technique is eventually approved in a new publication, NIST will consider deprecating the modes in SP 800-38A.

The effort to revise SP 800-38A has not yet begun but will follow the typical process of releasing an initial draft for public comment. Monitor progress on CSRC News and CSRC Publications and by subscribing to email updates.

Parent Project

See: Block Cipher Techniques

Related Topics

Security and Privacy: encryption

Created April 27, 2023, Updated April 28, 2023