Block Cipher Techniques

Block Cipher Modes

A block cipher mode of operation (mode for short) is a method that uses a block cipher to provide an information service, such as confidentiality or authentication.

NIST approves the following block cipher modes of the approved block ciphers in the Special Publication (SP) 800-38 series.

• SP 800-38A specifies the confidentiality modes: Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR) modes. Additionally, SP 800-38A Addendum specifies three variants of ciphertext stealing (CS) for the CBC mode: the CBC-CS1, CBC-CS2, and CBC-CS3 modes.
• SP 800-38B specifies the Cipher-based Message Authentication Code (CMAC) mode.
• SP 800-38C specifies the Counter with Cipher Block Chaining-Message Authentication Code (CCM) mode for authenticated encryption with associated data.
• SP 800-38D specifies Galois/Counter Mode (GCM) for authenticated encryption with associated data and its specialization, GMAC, to generate a message authentication code.
• SP 800-38E approves the XTS-AES mode for confidentiality on storage devices, where XTS stands for XEX (eXclusive-or Encrypt eXclusive-or) Tweakable block cipher with ciphertext Stealing. The algorithm specification is included in IEEE Std 1619-2007.
• SP 800-38F specifies the AES Key Wrap (KW) mode, the AES Key Wrap with Padding (KWP) mode, and the Triple Data Encryption Algorithm (TDEA) Key Wrap (TKW) mode for confidentiality and integrity of cryptographic keys.
• SP 800-38G specifies the Format-Preserving Encryption (FPE) modes FF1 and FF3.

Several other modes have been submitted to NIST for consideration; the submission documents are available on the Modes Development page. NIST welcomes public input on whether to approve any of these modes. Comments may be submitted to ciphermodes@nist.gov.