Standards

This page provides a non-exhaustive list of cryptography standards and documentations related to cryptography and information security. Where possible, the latest version of the document and the date published are stated following the document's name. Where available, we also provide a brief description of the document which may be copied verbatim from the original source. Note that the published information in this page may not be entirely accurate and the reader should consult the original source of the document for the latest version.

ISO/IEC 9796: Information technology -- Security techniques -- Digital Signature Schemes Giving Message Recovery

• Part 2: Integer factorization based mechanisms (9796-2). ISO/IEC 9796-2:2010 specifies three digital signature schemes giving message recovery, two of which are deterministic (non-randomized) and one of which is randomized. The security of all three schemes is based on the difficulty of factorizing large numbers. All three schemes can provide either total or partial message recovery.

• Part 3: Discrete logarithm based mechanisms (9796-3). It specifies six digital signature schemes giving data recovery: NR, ECNR, ECMR, ECAO, ECPV, and ECKNR. NR is defined on a prime field; ECNR, ECMR, ECAO, ECPV, and ECKNR are defined on an elliptic curve over a finite field.

ISO/IEC 9797: Information technology -- Security techniques -- Message Authentication Codes (MACs)

• Part 1: Mechanisms using a block cipher (9797-1)

• Part 2: Mechanisms using a dedicated hash-function (9797-2). It specifies MDx-MAC, HMAC and a variant of MDx-MAC. These MACs are used with a dedicated hash function specified in ISO/IEC 10118-3.

• Part 3: Mechanisms using a universal hash-function (9797-3). It specifies UMAC, Badger, Poly1305-AES, GMAC.

ISO/IEC 9798: Information technology -- Security techniques -- Entity Authentication

• Part 1: General (9798-1)

• Part 2: Mechanisms using authenticated encryption (9798-2)

• Part 3: Mechanisms using digital signature techniques (9798-3)

• Part 4: Mechanisms using a cryptographic check function (9798-4)

• Part 5: Mechanisms using zero-knowledge techniques (9798-5)

• Part 6: Mechanisms using manual data transfer (9798-6)

ISO/IEC 10116: Information technology -- Security techniques -- Modes of operation for an n-bit block cipher. It specifies ECB, CBC, CFB, OFB and CTR modes

ISO/IEC 10118: Information technology -- Security techniques -- Hash-functions

• Part 1: General (10118-1)

• Part 2: Hash-functions using an n-bit block cipher (10118-2)

• Part 3: Dedicated hash-functions (10118-3). In the 2004 edition, the standard specifies RIPEMD-160, RIPEMD-128, SHA-1, SHA-256, SHA-512, SHA-384, WHIRLPOOL and SHA-224. In the 2018 edition, there is no specific mention of the standardised algorithms in the Abstract.

• Part 4: Hash-functions using modular arithmetic (10118-4)

ISO/IEC 11770: Information technology -- Security techniques -- Key management

• Part 1: Framework

• Part 2: Mechanisms using symmetric techniques

• Part 3: Mechanisms using asymmetric techniques

• Part 4: Mechanisms based on weak secrets

• Part 5: Group key management

• Part 6: Key derivation

• Part 7: Cross-domain password-based authenticated key exchange

ISO/IEC 14888: Information technology -- Security techniques -- Digital signatures with appendix

• Part 1: General (14888-1)

• Part 2: Integer factorization based mechanisms (14888-2)

• Part 3: Discrete logarithm based mechanisms (14888-3)

ISO/IEC 15946: Information technology -- Security techniques -- Cryptographic techniques based on elliptic curves

• Part 1: General (15946-1)

• Part 2: Digital signatures (15946-2) -- Withdrawn

• Part 3: Key establishment (15946-3) -- Withdrawn -- revised by ISO/IEC 11770-3

• Part 4: Digital signatures giving message recovery (15946-4) -- Withdrawn

• Part 5: Elliptic curve generation (15946-5)

ISO/IEC 18031: Information technology -- Security techniques -- Random bit generation

ISO/IEC 18032: Information technology -- Security techniques -- Prime number generation

ISO/IEC 18033: Information technology -- Security techniques -- Encryption algorithms

• Part 1: General (18033-1)

• Part 2: Asymmetric ciphers (18033-2)

• Part 3: Block ciphers (18033-3). It specifies 64-bit block ciphers (TDEA, MISTY1, CAST-128, HIGHT) and 128-bit block ciphers (AES, Camellia, SEED)

• Part 4: Stream ciphers (18033-4)

• Part 5: Identity-based ciphers (18033-5)

• Part 6: Homomorphic encryption (18033-6)

• Part 7: Tweakable block ciphers (18033-7)

• Part 8: Fully Homomorphic Encryption (18033-8) - as at 13 Oct 2022, this standard is under development

ISO/IEC 19772: Information technology -- Security techniques -- Authenticated encryption. It specifies OCB 2.0 (removed since it has been broken), Key Wrap, CCM, EAX, Encrypt-then-MAC, GCM

ISO/IEC 19790: Information technology -- Security techniques -- Security requirements for cryptographic modules

ISO/IEC 24759: Information technology -- Security techniques -- Test requirements for cryptographic modules

ISO/IEC 29192: Information technology -- Security techniques -- Lightweight cryptography

• Part 1: General (29192-1)

• Part 2: Block ciphers (29192-2). It specifies PRESENT and CLEFIA.

• Part 3: Stream ciphers (29192-3). It specifies Enocoro and Trivium.

• Part 4: Mechanisms using asymmetric techniques (29192-4)

• Part 5: Hash functions (29192-5). It specifies PHOTON, SPONGENT, Lesamnta-LW.

• Part 6: Message authentication codes (MACs) (29192-6) It specifies LightMAC, Tsudik's keymode and Chaskey-12

• Part 7: Broadcast authentication protocols (29192-7)

• Part 8: Authenticated encryption (29192-8). It specifies an authenticated encryption scheme based on a lightweight stream cipher

NIST Federal Information Processing Standards (FIPS)

• FIPS 140-3: Security Requirements for Cryptographic Modules (supersedes FIPS 140-2) [2019-03-22]

• FIPS 180-4: Secure Hash Standard (SHS)

• FIPS 186-5: Digital Signature Standard (DSS). FIPS 186-4 is to be withdrawn on 3 Feb 2024.

• FIPS 197: Advanced Encryption Standard (AES)

• FIPS 198-1: The Keyed-Hash Message Authentication Code (HMAC). As of 20 Feb 2023, this publication will be converted to NIST SP 800-224. FIPS 198-1 will be withdrawn once NIST SP 800-224 is published.

• FIPS 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions

• FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard (draft 24 Aug 2023)

• FIPS 204: Module-Lattice-Based Digital Signature Standard (draft 24 Aug 2023)

• FIPS 205: Stateless Hash-Based Digital Signature Standard (draft 24 Aug 2023)

NIST Special Publications (SP)

• SP 800-186: Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters

• SP 800-185: SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash

• SP 800-175A: Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies [2016-08]

• SP 800-175B: Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms [2016-08]

• SP 800-135 Rev. 1: Recommendation for Existing Application-Specific Key Derivation Functions

• SP 800-133 Rev. 2: Recommendation for Cryptographic Key Generation

• SP 800-132: Recommendation for Password-Based Key Derivation: Part 1: Storage Applications

• SP 800-131A Rev. 2: Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths

• SP 800-130: A Framework for Designing Cryptographic Key Management Systems

• SP 800-108: Recommendation for Key Derivation Using Pseudorandom Functions (Revised)

• SP 800-107 Rev. 1: Recommendation for Applications Using Approved Hash Algorithms

• SP 800-106: Randomized Hashing for Digital Signatures

• SP 800-102: Recommendation for Digital Signature Timeliness

• SP 800-90A Rev. 1: Recommendation for Random Number Generation Using Deterministic Random Bit Generators

• SP 800-90B: Recommendation for the Entropy Sources Used for Random Bit Generation

• SP 800-90C (Draft): DRAFT Recommendation for Random Bit Generator (RBG) Constructions

• SP 800-89: Recommendation for Obtaining Assurances for Digital Signature Applications

• SP 800-78-4: Cryptographic Algorithms and Key Sizes for Personal Identity Verification

• SP 800-77 Rev. 1: Guide to IPsec VPNs

• SP 800-67 Rev. 1: Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher

• SP 800-63-3: Digital Identity Guidelines

• SP 800-63A: Enrolment and Identity Proofing

• SP 800-63B: Authentication and Lifecycle Management

• SP 800-63C: Federation and Assertions

• SP 800-57 Part 1 Rev. 4: Recommendation for Key Management, Part 1: General

• SP 800-57 Part 2: Recommendation for Key Management, Part 2: Best Practices for Key Management Organization

• SP 800-57 Part 3 Rev. 1: Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance

• SP 800-56A Rev. 2: Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography

• SP 800-56B Rev. 1: Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography

• SP 800-56C: Recommendation for Key Derivation through Extraction-then-Expansion

• SP 800-52: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations

• SP 800-38A: Recommendation for Block Cipher Modes of Operation: Methods and Techniques

• SP 800-38A Addendum: Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode

• SP 800-38B: Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication

• SP 800-38C: Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality

• SP 800-38D: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC

• SP 800-38E: Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices

• SP 800-38F: Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping

• SP 800-38G: Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption

• SP 800-29: A Comparison of the Security Requirements for Cryptographic Modules in FIPS 140-1 and FIPS 140-2

• SP 800-22 Rev. 1a: A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications

Others

• CA/Browser Forum Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates. Version 1.6.5 [2019-04-16]

• European Payments Council Guidelines on Cryptographic Algorithms Usage and Key Management. Version 8.0 [2018-12-18]

• EMV Specifications

• OWASP Guide to Cryptography. [2018-06-13]

• Payment Card Industry Data Security Standard (PCI DSS) Version 4.0 [March 2022]

• WebTrust for Certification Authorities: WebTrust Principles and Criteria for Certification Authorities. Version 2.2 [2019-05-01]

History (yyyy-mm-dd)

• 2024-03-12: Added initial public drafts of FIPS 203, 204 and 205

• 2023-12-20: Added EMV Specifications

• 2023-12-11: The list is going to be updated from time-to-time, especially related to NIST SPs. Any updates to NIST SPs will not be notified here for the moment. 

• 2023-02-20: Added ISO/IEC 9796-2 and 9796-3. Updated information on FIPS 198-1. Updated FIPS 186-4 to 186-5.

• 2022-10-13: Added SP 800-77, ISO/IEC 18033-8, ISO/IEC 29192-7 and ISO/IEC 29192-8

• 2020-11-25: Added ISO/IEC 18033-7 and updated ISO/IEC 29192-6

• 2019-09-10: Added ISO/IEC 18032

• 2019-08-02: Added FIPS 140-3 and "Others" section

• 2019-07-08: Added ISO/IEC 15946

• 2018-01-30: Added ISO/IEC 24759

• 2018-01-26: Added ISO/IEC 9798

• 2017-08-02: Added ISO/IEC 14888

• 2017-04-05: Added NIST SPs related to cryptography

• 2017-03-07: Added ISO/IEC 11770