Standards
This page provides a non-exhaustive list of cryptography standards and documentations related to cryptography and information security. Where possible, the latest version of the document and the date published are stated following the document's name. Where available, we also provide a brief description of the document which may be copied verbatim from the original source. Note that the published information in this page may not be entirely accurate and the reader should consult the original source of the document for the latest version.
ISO/IEC 9796: Information technology -- Security techniques -- Digital Signature Schemes Giving Message Recovery
Part 2: Integer factorization based mechanisms (9796-2). ISO/IEC 9796-2:2010 specifies three digital signature schemes giving message recovery, two of which are deterministic (non-randomized) and one of which is randomized. The security of all three schemes is based on the difficulty of factorizing large numbers. All three schemes can provide either total or partial message recovery.
Part 3: Discrete logarithm based mechanisms (9796-3). It specifies six digital signature schemes giving data recovery: NR, ECNR, ECMR, ECAO, ECPV, and ECKNR. NR is defined on a prime field; ECNR, ECMR, ECAO, ECPV, and ECKNR are defined on an elliptic curve over a finite field.
ISO/IEC 9797: Information technology -- Security techniques -- Message Authentication Codes (MACs)
Part 2: Mechanisms using a dedicated hash-function (9797-2). It specifies MDx-MAC, HMAC and a variant of MDx-MAC. These MACs are used with a dedicated hash function specified in ISO/IEC 10118-3.
Part 3: Mechanisms using a universal hash-function (9797-3). It specifies UMAC, Badger, Poly1305-AES, GMAC.
ISO/IEC 9798: Information technology -- Security techniques -- Entity Authentication
ISO/IEC 10116: Information technology -- Security techniques -- Modes of operation for an n-bit block cipher. It specifies ECB, CBC, CFB, OFB and CTR modes
ISO/IEC 10118: Information technology -- Security techniques -- Hash-functions
Part 2: Hash-functions using an n-bit block cipher (10118-2)
Part 3: Dedicated hash-functions (10118-3). In the 2004 edition, the standard specifies RIPEMD-160, RIPEMD-128, SHA-1, SHA-256, SHA-512, SHA-384, WHIRLPOOL and SHA-224. In the 2018 edition, there is no specific mention of the standardised algorithms in the Abstract.
ISO/IEC 11770: Information technology -- Security techniques -- Key management
ISO/IEC 14888: Information technology -- Security techniques -- Digital signatures with appendix
ISO/IEC 15946: Information technology -- Security techniques -- Cryptographic techniques based on elliptic curves
ISO/IEC 18033: Information technology -- Security techniques -- Encryption algorithms
Part 3: Block ciphers (18033-3). It specifies 64-bit block ciphers (TDEA, MISTY1, CAST-128, HIGHT) and 128-bit block ciphers (AES, Camellia, SEED)
Part 8: Fully Homomorphic Encryption (18033-8) - as at 13 Oct 2022, this standard is under development
ISO/IEC 19772: Information technology -- Security techniques -- Authenticated encryption. It specifies OCB 2.0 (removed since it has been broken), Key Wrap, CCM, EAX, Encrypt-then-MAC, GCM
ISO/IEC 29192: Information technology -- Security techniques -- Lightweight cryptography
Part 2: Block ciphers (29192-2). It specifies PRESENT and CLEFIA.
Part 3: Stream ciphers (29192-3). It specifies Enocoro and Trivium.
Part 5: Hash functions (29192-5). It specifies PHOTON, SPONGENT, Lesamnta-LW.
Part 6: Message authentication codes (MACs) (29192-6) It specifies LightMAC, Tsudik's keymode and Chaskey-12
Part 8: Authenticated encryption (29192-8). It specifies an authenticated encryption scheme based on a lightweight stream cipher
NIST Federal Information Processing Standards (FIPS)
FIPS 140-3: Security Requirements for Cryptographic Modules (supersedes FIPS 140-2) [2019-03-22]
FIPS 180-4: Secure Hash Standard (SHS)
FIPS 186-5: Digital Signature Standard (DSS). FIPS 186-4 is to be withdrawn on 3 Feb 2024.
FIPS 197: Advanced Encryption Standard (AES)
FIPS 198-1: The Keyed-Hash Message Authentication Code (HMAC). As of 20 Feb 2023, this publication will be converted to NIST SP 800-224. FIPS 198-1 will be withdrawn once NIST SP 800-224 is published.
FIPS 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions
FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard (draft 24 Aug 2023)
FIPS 204: Module-Lattice-Based Digital Signature Standard (draft 24 Aug 2023)
FIPS 205: Stateless Hash-Based Digital Signature Standard (draft 24 Aug 2023)
NIST Special Publications (SP)
SP 800-186: Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters
SP 800-185: SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash
SP 800-175A: Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies [2016-08]
SP 800-175B: Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms [2016-08]
SP 800-135 Rev. 1: Recommendation for Existing Application-Specific Key Derivation Functions
SP 800-133 Rev. 2: Recommendation for Cryptographic Key Generation
SP 800-132: Recommendation for Password-Based Key Derivation: Part 1: Storage Applications
SP 800-131A Rev. 2: Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
SP 800-130: A Framework for Designing Cryptographic Key Management Systems
SP 800-108: Recommendation for Key Derivation Using Pseudorandom Functions (Revised)
SP 800-107 Rev. 1: Recommendation for Applications Using Approved Hash Algorithms
SP 800-106: Randomized Hashing for Digital Signatures
SP 800-102: Recommendation for Digital Signature Timeliness
SP 800-90A Rev. 1: Recommendation for Random Number Generation Using Deterministic Random Bit Generators
SP 800-90B: Recommendation for the Entropy Sources Used for Random Bit Generation
SP 800-90C (Draft): DRAFT Recommendation for Random Bit Generator (RBG) Constructions
SP 800-89: Recommendation for Obtaining Assurances for Digital Signature Applications
SP 800-78-4: Cryptographic Algorithms and Key Sizes for Personal Identity Verification
SP 800-77 Rev. 1: Guide to IPsec VPNs
SP 800-67 Rev. 1: Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher
SP 800-63-3: Digital Identity Guidelines
SP 800-63A: Enrolment and Identity Proofing
SP 800-63B: Authentication and Lifecycle Management
SP 800-63C: Federation and Assertions
SP 800-57 Part 1 Rev. 4: Recommendation for Key Management, Part 1: General
SP 800-57 Part 2: Recommendation for Key Management, Part 2: Best Practices for Key Management Organization
SP 800-57 Part 3 Rev. 1: Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance
SP 800-56A Rev. 2: Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
SP 800-56B Rev. 1: Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography
SP 800-56C: Recommendation for Key Derivation through Extraction-then-Expansion
SP 800-52: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
SP 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques
SP 800-38A Addendum: Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode
SP 800-38B: Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication
SP 800-38C: Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality
SP 800-38D: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
SP 800-38E: Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices
SP 800-38F: Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping
SP 800-38G: Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption
SP 800-29: A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2
SP 800-22 Rev. 1a: A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications
Others
CA/Browser Forum Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates. Version 1.6.5 [2019-04-16]
European Payments Council Guidelines on Cryptographic Algorithms Usage and Key Management. Version 8.0 [2018-12-18]
OWASP Guide to Cryptography. [2018-06-13]
Payment Card Industry Data Security Standard (PCI DSS) Version 4.0 [March 2022]
WebTrust for Certification Authorities: WebTrust Principles and Criteria for Certification Authorities. Version 2.2 [2019-05-01]
History (yyyy-mm-dd)
2024-03-12: Added initial public drafts of FIPS 203, 204 and 205
2023-12-20: Added EMV Specifications
2023-12-11: The list is going to be updated from time-to-time, especially related to NIST SPs. Any updates to NIST SPs will not be notified here for the moment.Â
2023-02-20: Added ISO/IEC 9796-2 and 9796-3. Updated information on FIPS 198-1. Updated FIPS 186-4 to 186-5.
2022-10-13: Added SP 800-77, ISO/IEC 18033-8, ISO/IEC 29192-7 and ISO/IEC 29192-8
2020-11-25: Added ISO/IEC 18033-7 and updated ISO/IEC 29192-6
2019-09-10: Added ISO/IEC 18032
2019-08-02: Added FIPS 140-3 and "Others" section
2019-07-08: Added ISO/IEC 15946
2018-01-30: Added ISO/IEC 24759
2018-01-26: Added ISO/IEC 9798
2017-08-02: Added ISO/IEC 14888
2017-04-05: Added NIST SPs related to cryptography
2017-03-07: Added ISO/IEC 11770