Dworkin, M.
(2010),
Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=906929
(Accessed September 1, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode
Published
Author(s)
Abstract
A limitation to Cipher Block Chaining (CBC) mode, as specified in NIST Special Publication 800-38A, is that the plaintext input must consist of a sequence of blocks. Ciphertext stealing is a padding method in which the required padding bits are "stolen" from the penultimate ciphertext block. This addendum to SP 800-38A specifies three variants of CBC mode with ciphertext stealing. These variants, which differ only in the ordering of the ciphertext bits, can encrypt any input whose bit length is greater than or equal to the block size. Unlike conventional padding methods, these variants do not expand the length of the data.Citation
Special Publication (NIST SP) - 800-38A Addendum
Report Number
800-38A Addendum
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
block cipher, CBC, cipher block chaining, ciphertext stealing, encryption, information security, mode of operation
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created October 21, 2010, Updated February 19, 2017