Caute_cautim
Community Champion

NIST publishes report on Block Cipher mode

Hi All

National Institute of Standards and Technology (NIST) publishes the "Report on the Block Cipher Modes of Operation in the NIST SP 800-38 Series"

This report focuses on the NIST-recommended block cipher modes of operation specified in NIST Special Publications (SP) 800-38A through 800-38F. The goal is to provide a concise survey of relevant research results about the algorithms and their implementations. Based on these findings, the report concludes with a set of recommendations to improve the corresponding standards.

Good hints if you are interested in the future.

Summary of recommendations:
Consider disallowing ECB for encrypting secrets.
Consider not yet deprecating the other NIST SP 800-38A modes (confidentiality modes), as they are widely used in certain applications where a more secure NIST-recommended alternative is not yet available.
Consider the standardization of an AEAD mode of operation to address certain “misuse” scenarios, including nonce reuse and short tags (or no tags). This mode of operation is not intended for general use but must be restricted to the specific applications where such types of “misuse” may be unavoidable. The efficiency of this AEAD mode must be similar or better than the current NIST-recommended modes.
Consider not yet deprecating NIST SP 800-38E and SP 800-38F, as the applications for which they are intended also require a mode with certain misuse resistance properties that is not yet available as a NIST standard.
Consider reaffirming NIST SP 800-38B, SP 800-38C, and SP 800-38D and possibly making some corrections to aim for consistent levels of security between the documents, such as providing consistent restrictions on tag lengths for certain applications. Additionally, backward compatible extensions of these standards may be considered if there is sufficient demand (e.g., extending the specifications to overcome the plaintext length limits).
Consider minor fixes and clarifications for all documents.

https://csrc.nist.gov/pubs/ir/8459/final

Regards

Caute_Cautim
