
Search Publications

Displaying 1 - 25 of 132

Recommendation for Random Bit Generator (RBG) Constructions

September 25, 2025
Author(s)
Elaine Barker, John Kelsey, Kerry McKay, Allen Roginsky, Meltem Sonmez Turan
The NIST Special Publication (SP) 800-90 series of documents supports the generation of high-quality random bits for cryptographic and non-cryptographic use. SP 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators

NIST Special Publication 800-227, Recommendations for Key-Encapsulation Mechanisms

September 18, 2025
Author(s)
Gorjan Alagic, Elaine Barker, Lidong Chen, Dustin Moody, Angela Robinson, Hamilton Silberg, Noah Waller
A key-encapsulation mechanism (KEM) is a set of algorithms that can be used by two parties under certain conditions to securely establish a shared secret key over a public channel. A shared secret key that is established using a KEM can then be used with

Addressing Visibility Challenges with TLS 1.3 within the Enterprise

September 17, 2025
Author(s)
William Newhouse
The Transport Layer Security (TLS) protocol is widely deployed to secure network traffic. TLS 1.3 has been strengthened so that even if a TLS-enabled server is compromised, the contents of its previous TLS communications are still protected—also known as

Fiscal Year 2024 Annual Report for NIST Cybersecurity and Privacy Program

April 28, 2025
Author(s)
Patrick O'Reilly, Kristina Rigopoulos
Throughout Fiscal Year 2024 (FY 2024) — from October 1, 2023, through September 30, 2024 — the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and

Requirements for Cryptographic Accordions

April 11, 2025
Author(s)
Yu Long Chen, Michael Davidson, Morris Dworkin, John Kelsey, Yu Sasaki, Meltem Sonmez Turan, Alyssa Thompson, Nicky Mouha, Donghoon Chang
This report introduces the cryptographic accordion as a tweakable, variable-input-length strong pseudorandom permutation (VIL-SPRP) that is constructed from an underlying block cipher. An accordion facilitates the cryptographic processing of messages of

A Security Perspective on the Web3 Paradigm

February 25, 2025
Author(s)
Dylan Yaga, Peter Mell
Web3 is a proposed vision for the future of the internet that is restructured to be more user-centric with an emphasis on decentralized data. Users would own and manage their personal data, and systems would be decentralized and distributed. Digital tokens

Report on the Block Cipher Modes of Operation in the NIST SP 800-38 Series

September 10, 2024
Author(s)
Nicky Mouha, Morris J. Dworkin
This report focuses on the NIST-recommended block cipher modes of operation specified in NIST Special Publications (SP) 800-38A through 800-38F. The goal is to provide a concise survey of relevant research results about the algorithms and their

Module-Lattice-Based Digital Signature Standard

August 13, 2024
Author(s)
National Institute of Standards and Technology (NIST), Thinh Dang, Jacob Lichtinger, Yi-Kai Liu, Carl Miller, Dustin Moody, Rene Peralta, Ray Perlner, Angela Robinson
Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signature as evidence in demonstrating to a third party that the

Module-Lattice-Based Key-Encapsulation Mechanism Standard

August 13, 2024
Author(s)
National Institute of Standards and Technology (NIST), Gorjan Alagic, Quynh Dang, Dustin Moody, Angela Robinson, Hamilton Silberg, Daniel Smith-Tone
A key-encapsulation mechanism (KEM) is a set of algorithms that, under certain conditions, can be used by two parties to establish a shared secret key over a public channel. A shared secret key that is securely established using a KEM can then be used with

Stateless Hash-Based Digital Signature Standard

August 13, 2024
Author(s)
National Institute of Standards and Technology (NIST), David Cooper
This standard specifies the stateless hash-based digital signature algorithm (SLH-DSA). Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data

Evaluating the security of CRYSTALS-Dilithium in the quantum random oracle model

April 29, 2024
Author(s)
Kelsey Jackson, Carl A. Miller, Daochen Wang
In the wake of recent progress on quantum computing hardware, the National Institute of Standards and Technology (NIST) is standardizing cryptographic protocols that are resistant to attacks by quantum adversaries. The primary digital signature scheme that

Practical Attack on All Parameters of the DME Signature Scheme

April 28, 2024
Author(s)
Pierre Briaud, Maxime Bros, Ray Perlner, Daniel Smith-Tone
DME is a multivariate scheme submitted to the call for additional signatures recently launched by NIST. Its performance is one of the best among all the candidates. The public key is constructed from the alternation of very structured linear and non-linear

Improved Cryptanalysis of HFERP: Unseen Implications of the Simple Attack

April 13, 2024
Author(s)
Max Cartor, Ryann Cartor, Hiroki Furue, Daniel Smith-Tone
In this paper we introduce a new attack on the multivariate encryption scheme HFERP, a big field scheme including an extra variable set, additional equations of the UOV or Rainbow shape as well as additional random polynomials. Our attack brings several

Post-Quantum Cryptography, and the Quantum Future of Cybersecurity

April 9, 2024
Author(s)
Yi-Kai Liu, Dustin Moody
We review the current status of efforts to develop and deploy post-quantum cryptography on the Internet. Then we suggest specific ways in which quantum technologies might be used to enhance cybersecurity in the near future and beyond. We focus on two goals

Optimizing Implementations of Boolean Functions

January 31, 2024
Author(s)
Meltem Sonmez Turan
Symmetric cryptography primitives are constructed by iterative applications of linear and nonlinear layers. Constructing efficient circuits for these layers, even for the linear one, is challenging. In 1997, Paar proposed a heuristic to minimize the number

Cryptographic Module Validation Program (CMVP) Security Policy Requirements

November 17, 2023
Author(s)
David Hawes, Alexander Calis, Roy Crombie
NIST Special Publication (SP) 800-140Br1 is to be used in conjunction with ISO/IEC 19790 Annex B and ISO/IEC 24759 Section 6.14. This Special Publication modifies only those requirements identified in this document. NIST SP 800-140Br1 also specifies the

A Total Break of the 3WISE Digital Signature Scheme

October 9, 2023
Author(s)
Daniel Smith-Tone
A new batch of "complete and proper" digital signature scheme submissions has recently been published by NIST as part of its process for establishing post-quantum cryptographic standards. This note communicates an attack on the 3WISE digital signature

A Total Break of the Scrap Digital Signature Scheme

October 2, 2023
Author(s)
Daniel Smith-Tone
Recently a completely new post-quantum digital signature scheme was proposed using the so-called "scrap automorphisms". The structure is inherently multivariate, but differs significantly from most of the multivariate literature in that it relies on

The Generating Series of Support Minors MinRank Ideals

September 24, 2023
Author(s)
Daniel Smith-Tone
The support minors method has become indispensable to cryptanalysts in attacking various post-quantum cryptosystems in the areas of multivariate cryptography and rank-based cryptography. The complexity analysis for support minors minrank calculations is a

Advanced Encryption Standard (AES)

May 9, 2023
Author(s)
National Institute of Standards and Technology (NIST), Morris J. Dworkin, Meltem Sonmez Turan, Nicky Mouha
In 2000, NIST announced the selection of the Rijndael block cipher family as the winner of the Advanced Encryption Standard (AES) competition. Three members of the Rijndael family are specified in this Standard: AES-128, AES-192, and AES-256. These use

Discussion on the Full Entropy Assumption of the SP 800-90 Series

April 14, 2023
Author(s)
Darryl Buller, Aaron Kaufer, Allen Roginsky, Meltem Sonmez Turan
The NIST SP 800-90 series [1][2][3] supports the generation of high-quality random bits for cryptographic and non-cryptographic use. The security strength of a random number generator depends on the unpredictability of its outputs. This unpredictability

Digital Signature Standard (DSS)

February 2, 2023
Author(s)
National Institute of Standards and Technology (NIST), Lily Chen, Dustin Moody, Andrew Regenscheid, Angela Robinson
This standard specifies a suite of algorithms that can be used to generate a digital signature. Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed