Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Decision to Revise NIST SP 800-38A, Recommendation for Block Cipher Modes of Operation: Methods and Techniques

NIST has decided to revise SP 800-38A, "Recommendation for Block Cipher Modes of Operation: Methods and Techniques." Read this announcement for more details.

In May 2021, NIST's Crypto Publication Review Board initiated a review process for the following two publications:

and received public comments.

In March 2022, the board proposed revising SP 800-38A and converting the SP 800-38A Addendum by merging it into the revised SP 800-38A, and received additional comments on that proposed decision.

NIST has decided to revise SP 800-38A and to convert the SP 800-38A Addendum. The main goals of these actions are to  

  1. limit the approval of the Electronic Codebook (ECB) mode to instances that are specifically allowed by other NIST standards or guidance, such as the challenge-response protocol in Appendix A.1 of SP 800-73-4.
  2. clarify the requirements on the initialization vectors (IVs) and the counter blocks,
  3. provide guidance on the importance of incorporating authentication, where feasible,
  4. incorporate the content of the addendum—three variations of ciphertext stealing for Cipher Block Chaining mode—into the revision of SP 800-38A, and
  5. improve the editorial quality and update the references.

In general, the confidentiality-only modes of SP 800-38A have security vulnerabilities as described in detail in the initial public draft of NIST IR 8459. NIST intends to explore the possibility of approving a tweakable wide encryption technique in order to provide a more secure alternative for encryption applications. Such a technique could also be adapted to provide authenticated encryption with associated data (AEAD) and key wrapping. NIST plans to explore this possibility in some depth at the Third NIST Workshop on Block Cipher Modes of Operation 2023. If a suitable additional technique is eventually approved in a new publication, NIST will consider deprecating the modes in SP 800-38A.

The effort to revise SP 800-38A has not yet begun but will follow the typical process of releasing an initial draft for public comment. Monitor progress on CSRC News and CSRC Publications and by subscribing to email updates.

Released April 28, 2023