Currently, there are two (2) Approved* block cipher algorithms that can be used for both applying cryptographic protection (e.g., encryption) and removing or verifying the protection that was previously applied (e.g., decryption): AES and Triple DES. Two (2) other block cipher algorithms were previously approved: DES and Skipjack; however, their approval has been withdrawn. See the discussions below for further information; also see SP 800-131A Rev. 2, Transitioning the Use of Cryptographic Algorithms and Key Lengths, for additional information about the use of these block cipher algorithms.
Federal agencies should see OMB guidance about the use of strong encryption algorithms and OMB Memorandum 07-16, item C about the use of NIST certified cryptographic modules.
AES is specified in FIPS 197, Advanced Encryption Standard (AES), which was approved in November 2001. AES must be used with the modes of operation designed specifically for use with block cipher algorithms.
NIST announced the approval of FIPS 197, Advanced Encryption Standard in 2001. This standard specifies the Rijndael algorithm as a FIPS-approved symmetric-key algorithm that may be used by U.S. Government organizations (and others) to protect sensitive information.
The AES Development details have been archived.
Triple DES is specified in SP 800-67 Revision 2, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, which was approved in November 2017. This revision supersedes SP 800-67 Rev. 1, which limited the TDEA block cipher to apply the cryptographic protection (e.g., encrypt) to 232 64-bit blocks under one key bundle with three unique keys (i.e., for 3TDEA), and to 220 64-bit blocks when only two keys of the key bundle were unique (i.e., for 2TDEA). Revision 2 lowers the 3TDEA limit to 220 64-bit data blocks per key bundle and disallows the use of TDEA for applying cryptographic protection to new information. These modifications were made in accordance with the announcement by NIST to update its guidance on the current use of TDEA.
DEA was originally specified in FIPS 46, The Data Encryption Standard, which became effective in 1977 and was reaffirmed in 1983, 1988, 1993, and 1999. FIPS 46 was withdrawn in 2005.
TDEA was originally specified in FIPS 46-3, Data Encryption Standard (DES) in October 1999 and later specified in SP 800-67 in 2004. Revision 1 of SP 800-67 replaced the original version of SP 800-67 in 2012.
TDEA must be used with appropriate modes of operation designed for use with block cipher algorithms.
The Skipjack algorithm was originally referenced in FIPS 185, Escrowed Encryption Standard (EES), which was approved in February 1994 and withdrawn in October 2015.
Skipjack was approved for use with any of the four (4) modes of operation originally specified in FIPS 81, DES Modes of Operation: the ECB, CBC, CFB and OFB modes. FIPS 81 was approved in December 1980 and withdrawn in May 2005. Note that these modes remain valid (see Block Cipher Modes).
Skipjack is not approved for applying cryptographic protection (e.g., encryption), but may continue to be used for removing the protection (e.g., decryption).
DES was originally approved as FIPS 46 in January 1977. After several revisions, the final revision, FIPS 46-3, Data Encryption Standard (DES), was withdrawn in May 2005.
Testing requirements and validation lists are available from the Cryptographic Algorithm Validation Program (CAVP).
Security and Privacy: encryption, message authentication