Standardized Symmetric Cryptography
It can be hard to navigate all the esoteric codes of the different standardizing bodies. On this page, I try to list all the standards (international and national) that contain symmetric algorithms.
The information on this page is gathered from public sources, typically from the summaries of the standards provided by the different institutions. While some standards are totally free to read, others must be bought (for a hefty amount!); this is in particular the case for ISO standards. However, the algorithms are often publicly available via other channels. For instance, while the ISO standard specifying the AES is behind a paywall, the NIST one is not.
This list is a work in progress: if there are algorithms missing, do let me know!
1 International
1.1 ISO/IEC
For some reason, hash functions are always called "hash-function" in ISO/IEC standards.
1.1.1 18033: Encryption Algorithms
- Part 1 (18033-1) General
  - This standard introduces all the notations and concepts needed by the other standards in this category.
- Part 2 (18033-2) Asymmetric Ciphers
  - This one deals with "asymmetric encryption", i.e. it is not relevant here.
- Part 3 (18033-3) Block Ciphers
  - Several algorithms are contained in this part. Some are in the body of the text while some are in the appendix.
  - 64-bit Block Ciphers
    - TDEA (triple DES)
    - MISTY1
    - CAST-128
    - HIGHT
  - 128-bit Block Ciphers
    - AES
    - Camellia
    - SEED
  - SM4 and Kuznyechik were in the process of being included via an amendment but it was cancelled because of the mystery surrounding the S-box of Kuznyechik (see Section "Results on the Russian Algorithms" in this page).
- Part 4 (18033-4) Stream Ciphers
  - MUGI
  - SNOW 2.0
  - Rabbit
  - Decim v2
  - KCipher-2 (K2)
- Part 5 (18033-5) Identity-based Ciphers
  - This part deals with identity-based encryption schemes, i.e. it is not relevant here.
- Part 6 (18033-6) Homomorphic Encryption
  - This part deals with homomorphic encryption schemes, i.e. it is not relevant here.
1.1.2 10118: Hash functions
- Part 1 (10118-1) General
  - This standard introduces all the notations and concepts needed by the other standards in this category.
- Part 2 (10118-2) Hash-functions using an n-bit block cipher
  - This standard specifies modes of operation for building a hash function out of a block cipher operating on n bits. Four such techniques are provided; they are aptly called "Hash-function 1", …, and "Hash-function 4".
- Part 3 (10118-3) Dedicated hash-functions
  - RIPEMD-160
  - RIPEMD-128
  - SHA-1
  - SHA-256
  - SHA-512
  - SHA-384
  - WHIRLPOOL
  - Streebog
  - SM3
- Part 4 (10118-4) Hash-functions using modular arithmetic
  - This standard deals with hash functions built using functions traditionally used in asymmetric cryptography. It contains MASH-1 and MASH-2.
1.1.3 29192: Lightweight Cryptography
- Part 1 (29192-1) General
  - This standard introduces all the notations and concepts needed by the other standards in this category. It also contains the definition of lightweightness according to ISO.
- Part 2 (29192-2) Block Ciphers
  - The NSA ciphers SIMON and SPECK were considered for inclusion in this standard but were eventually kicked out.
  - PRESENT
  - CLEFIA
- Part 3 (29192-3) Stream Ciphers
  - Enocoro
  - Trivium
- Part 4 (29192-4) Mechanisms using Asymmetric Techniques
  - Not relevant here.
- Part 5 (29192-5) Hash-Functions
  - PHOTON
  - SPONGENT
  - Lesamnta-LW
- Part 6 (29192-6) Message Authentication Codes (MACs), under development
  - LightMAC (mode of operation)
  - Chaskey
- Part 7 (29192-7) Broadcast Authentication Protocols, under development
  - Not relevant here.
1.2 IETF's "Request for Comments"
1.2.1 Hash Functions
2 National
2.1 Belarus
- Bel-T (block cipher)
- Bash (hash function)
2.2 China
The Chinese "State Cryptography Administration" has standardized some symmetric algorithms.
- GB/T 32905-2016: SM3 (hash function)
- GB/T 32907-2016: SM4 (block cipher)
2.3 Russia
Russian standards are handled by the Euro-Asian Council for Standardization, Metrology and Certification (EASC). Each of them is a "state union standard", which in Russian is abbreviated as "GOST".
- GOST R 34.11-2012: Streebog (hash function)
- GOST R 34.12-2015: Kuznyechik, Magma (block ciphers)
2.4 South Korea
Several local algorithms are standardized by the national standardizing bodies.
- KS X 1213:2004: ARIA (block cipher)
- KS X 3246: LEA (block cipher)
- KS X 3262: LSH (hash function)
- TTAS.KO-12.0004: SEED (block cipher)
- TTAS.KO-12.0040: HIGHT (block cipher)
2.5 Ukraine
- Kalyna (block cipher)
- Kupyna (hash function)
2.6 USA
American standards are handled by the National Institute of Standards and Technology (NIST). Each document is a "Federal Information Processing Standard" (FIPS).
- FIPS 180: SHA-1, SHA-2, SHA-3 (the latest version is FIPS 180-4)
- FIPS 185: Skipjack
- FIPS 197: AES
The situation of the Skipjack block cipher is a bit complicated. It is explicitly mentioned in several NIST documents (e.g. SP 800-17, FIPS 185) and it is one of the algorithms that NIST can validate (though only for legacy use), but its specification was never in a FIPS, only in an informal note.
3 Recommendations
Several countries do not have standards or norms for cryptographic algorithms, and choose instead to publish lists of "recommended" algorithms. These are listed in this section.
3.1 Canada
The Canadian Centre for Cyber Security issues some recommendations for full TLS ciphersuites. Those rely on the following symmetric primitives:
- AES;
- SHA-256, SHA-384, SHA-512;
- all SHA-3 variants with a digest size of at least 256 bits.
CAST and 3DES are explicitly supposed to be phased out, along with hash functions with digests shorter than 256 bits.
3.2 Japan
Strictly speaking, Japan does not have standardized cryptographic algorithms. However, CRYPTREC maintains a list of "recommended algorithms" which contains the following symmetric algorithms.
- AES (block cipher)
- Camellia (block cipher)
- KCipher-2 (stream cipher)
- SHA-256, SHA-384, SHA-512
3.3 Malaysia
The MySEAL project lists some cryptographic primitives that are deemed safe along with the reasoning behind the (non-)inclusion of various algorithms. Recommended algorithms are:
- SHA-384, SHA-512;
- all variants of SHA-3.