The specification of the Triple Data Encryption Algorithm (TDEA), NIST SP 800-67 Rev. 2, will be withdrawn January 1, 2024. The algorithm will be disallowed for applying cryptographic protection but will continue to be allowed for processing already-prot
NIST will withdraw Special Publication (SP) 800-67 Revision 2, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, on January 1, 2024.
Initially published in 2004, SP 800-67 specifies the Triple Data Encryption Algorithm (TDEA), including its primary component cryptographic engine, the Data Encryption Algorithm (DEA). DEA was originally specified in Federal Information Processing Standards Publication (FIPS) 46, The Data Encryption Standard, which was withdrawn in 2005. TDEA, which uses three DEA keys for its operation, was designed as an interim replacement for DEA.
SP 800-67 was later revised in 2012 and 2017 to require the following limits on the number of data blocks produced:
The 2017 revision also disallowed the use of 2TDEA.
In 2019, SP 800-131A Rev. 2, Transitioning the Use of Cryptographic Algorithms and Key Lengths, additional limitations were announced on the use of TDEA for applying cryptographic protection (i.e., encryption, key wrapping, and the generation of Message Authentication Codes (MACs)). In particular, this category of use of TDEA will be
TDEA will continue to be allowed for the decryption, key unwrapping, and verification of MACs of already-protected data.
To reinforce the transition away from TDEA, SP 800-67 Rev. 2 will be withdrawn soon after December 31, 2023. However, SP 800-67 Rev. 2 will remain available online for historical purposes.
Testing of TDEA through the Cryptographic Algorithm Validation Program (CAVP) will remain available. Per SP 800-131A Rev. 2, any FIPS 140-3 validated modules that include TDEA for applying protection will be moved to the historical list after December 31, 2023. See the Algorithm Historical List Dates expandable table on the Cryptographic Module Validation Program (CMVP) programmatic transitions page for more information about the TDEA transition.
Inquiries about this announcement should be submitted to sp800-67comments [at] nist.gov (sp800-67comments[at]nist[dot]gov).