Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode

Published

Author(s)

Morris J. Dworkin

Abstract

A limitation to Cipher Block Chaining (CBC) mode, as specified in NIST Special Publication 800-38A, is that the plaintext input must consist of a sequence of blocks. Ciphertext stealing is a padding method in which the required padding bits are "stolen" from the penultimate ciphertext block. This addendum to SP 800-38A specifies three variants of CBC mode with ciphertext stealing. These variants, which differ only in the ordering of the ciphertext bits, can encrypt any input whose bit length is greater than or equal to the block size. Unlike conventional padding methods, these variants do not expand the length of the data.
Citation
Special Publication (NIST SP) - 800-38A Addendum
Report Number
800-38A Addendum

Keywords

block cipher, CBC, cipher block chaining, ciphertext stealing, encryption, information security, mode of operation

Citation

Dworkin, M. (2010), Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=906929 (Accessed July 14, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created October 21, 2010, Updated February 19, 2017