Try the new and let us know what you think!
(Note: Beta site content may not be complete.)

View the beta site
NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage

Block Ciphers

Approved Algorithms

Currently, there are two (2) Approved1 block cipher algorithms that can be used for both applying cryptographic protection (e.g., encryption) and removing or verifying the protection that was previously applied (e.g., decryption): AES and Triple DES. Two (2) other block cipher algorithms were previously approved: DES and Skipjack; however, their approval has been withdrawn. See the discussions below for further information; also see SP 800-131A, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, for additional information about the use of these block cipher algorithms.

Federal agencies should see OMB guidance about the use of strong encryption algorithms and OMB Memorandum 07-16, item C about the use of NIST certified cryptographic modules.

Advanced Encryption Standard (AES)

AES is specified in Federal Information Processing Standard (FIPS) 197, Advanced Encryption Standard (AES), which was approved in November 2001. AES must be used with the modes of operation designed specifically for use with block cipher algorithms.

NIST announced the approval of FIPS 197 Advance Encryption Standard in 2001. This standard specifies the Rijndael algorithm as a FIPS-approved symmetric-key algorithm that may be used by U.S. Government organizations (and others) to protect sensitive information.

Additional information regarding the use of AES can be found at

Complete information on the AES development effort is available at the AES home page. Please note that these pages are included for historical reference only. As these pages refer to a development effort, they may contain errors. Refer to FIPS 197 for the actual specification of AES.

Triple DES

Triple DES is specified in Special Publication (SP) 800-67, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher. This Recommendation specifies the Triple Data Encryption Algorithm (TDEA) block cipher, which includes a Data Encryption Algorithm (DEA) cryptographic engine that is implemented as a component of TDEA.

DEA was originally specified in FIPS 46, The Data Encryption Standard, which became effective in 1977 and was reaffirmed in 1983, 1988, 1993, and 1999. FIPS 46 was withdrawn in 2005.

TDEA was originally specified in FIPS 46-3, Data Encryption Standard (DES), in October 1999 and later specified in SP 800-67 in 2004. Revision 1 of SP 800-67 replaced the original version of SP 800-67 in 2012.

TDEA must be used with appropriate modes of operation designed for use with block cipher algorithms.

New Revision of SP 800-67:

NIST announces the draft of Special Publication (SP) 800-67, Revision 2, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher.

This draft is intended to supersede SP 800-67, Revision 1, which limits the TDEA block cipher to apply the cryptographic protection (e.g., encrypt) to 232 64-bit blocks under one key bundle. The draft of SP 800-67, Revision 2 further lowers this limit to 220 64-bit data blocks per key bundle, following the announcement by NIST to update its guidance on the current use of TDEA 

NIST requests comments on Draft SP 800-67, Revision 2 by October 1, 2017. Please submit comments to


The Skipjack algorithm was originally referenced in FIPS 185, Escrowed Encryption Standard (EES), which was approved in February 1994 and withdrawn in October 2015.

Skipjack was approved for use with any of the four (4) modes of operation originally specified in FIPS 81, DES Modes of Operation: : the ECB, CBC, CFB and OFB modes. FIPS 81 was approved in December 1980 and withdrawn in May 2005. Note that these modes remain valid (see Block Cipher Modes). 

NIST provided a clarification regarding byte ordering to the Skipjack specification.

Skipjack is not approved for applying cryptographic protection (e.g., encryption), but may continue to be used for removing the protection (e.g., decryption).

Data Encryption Standard (DES)

DES was originally approved as FIPS 46 in January 1977. After several revisions, the final revision, FIPS 46-3, Data Encryption Standard (DES), was withdrawn in May 2005.

Back to Top

Testing Products

Testing requirements and validation lists are available from the Cryptographic Algorithm Validation Program (CAVP).

Back to Top

Additional Information

Modes of Operation for the FIPS-approved encryption algorithms are available on the Modes of Operation page.


1 An algorithm or technique that is either specified in a FIPS or NIST Recommendation.