On this page are listed the modes of operation that NIST has accepted for consideration. For each proposed mode, links are given to the available documentation, as described in the following list of abbreviations:
|
|
(The links within the key table itself refer to the corresponding section of the submission guidelines)
The modes proposals are organized into the four tables below:Mode | Full Mode Name | Available Documentation |
CCM | Counter with CBC-MAC R. Housley, D. Whiting, N. Ferguson (Posted June 3, 2002) |
SP |
AD1 |
AD2 IP | TV | SU |
CS |
Cipher-State R. Schroeppel (Posted May 7, 2004) |
SP |
AD |
IP TV | SU |
CWC |
Carter Wegman (authentication) with Counter (encryption) T. Kohno, J. Viega, D. Whiting (Posted June 9, 2003) |
SP |
AD |
IP TV | SU |
EAX |
A Conventional Authenticated-Encryption Mode M. Bellare, P. Rogaway, D. Wagner (Posted October 3, 2003) |
SP |
AD |
IP TV | SU |
GCM |
Galois/Counter Mode D. McGrew, J. Viega (Revised specifcation posted June 2, 2005) |
SP |
AD1 |
AD2 IP | TV | SU |
IACBC |
Integrity Aware Cipher Block Chaining C. Jutla |
SP |
AD |
IP TV | SU |
IAPM |
Integrity Aware Parallelizable Mode C. Jutla |
SP |
AD1 |
AD2 AD3 | IP | TV | SU |
OCB |
Offset Codebook P. Rogaway |
SP |
AD |
IP CD | TV | SU |
PCFB |
Propagating Cipher Feedback H. Hellström |
SP |
AD |
IP TV | SU |
SIV | Synthetic IV P. Rogaway, T. Shrimpton (Posted September 11, 2007) |
SP | AD | IP TV1 | TV2 | SU |
XCBC |
eXtended Cipher Block Chaining Encryption V. Gligor, P. Donescu |
SP |
AD |
IP TV | SU |
Mode | Full Mode Name | Available Documentation |
OMAC |
OMAC: One-Key CBC T. Iwata, K. Kurosawa (Posted December 20, 2002) |
SP |
AD |
IP TV | SU |
PMAC |
Parallelizable Message Authentication Code P. Rogaway |
SP |
AD |
IP CD | TV | SU |
RMAC |
Randomized MAC E. Jaulmes, A. Joux, F. Valette |
SP |
AD |
IP TV | SU |
TMAC |
Two-Key CBC MAC K. Kurosawa, T. Iwata (Posted July 9, 2002) |
SP |
AD |
IP TV | SU |
XCBC (MAC) |
Extended Cipher Block Chaining MAC J. Black, P. Rogaway |
SP |
AD |
IP TV | SU |
XECB (MAC) |
eXtended Electronic Code Book MAC V. Gligor, P. Donescu |
SP |
AD |
IP TV | SU |
Mode | Full Mode Name | Available Documentation |
2DEM |
2D-Encryption Mode A. A. Belal, M. A. Abdel-Gawad |
SP |
AD |
IP CD | TV | SU |
ABC |
Accumulated Block Chaining L. Knudsen |
SP |
AD |
IP TV | SU |
CTR |
Counter Mode Encryption H. Lipmaa, P. Rogaway, D. Wagner |
SP |
AD |
IP TV | SU |
FFSEM | Feistel Finite Set Encryption Mode T. Spies (Posted February 6, 2008) |
SP |
AD |
IP TV | SU |
IGE |
Infinite Garble Extension V. Gligor, P. Donescu |
SP |
AD |
IP TV | SU |
Mode | Full Mode Name | Available Documentation |
KFB |
Key Feedback Mode J. Håstad, M. Naslund |
SP |
AD |
IP TV | SU |
*AES- hash (Hash) |
AES-hash B. Cohen |
SP |
AD |
IP TV | SU |
* AES-hash as defined in the submission will not be adopted in the current development effort because it requires the Rijndael algorithm with a block size of 256 bits, not 128 bits (as specified in the AES). Rijndael has not been vetted with a block size other than 128 bits. Nevertheless, NIST will consider comments on this proposal and on the issues it raises: whether to develop a hash mode, and whether and how to develop/vet additional variants of the AES.