Cosmiq Homepage | Léo Perrin's Homepage

Standardized Symmetric Cryptography

Table of Contents

It can be hard to navigate all the esoteric codes of the different standardizing bodies. In this page, I try and list all the standards (international and national) that contain symmetric algorithms.

The information on this page is gathered from public sources, typically from the summaries of the standards provided by the different institution. While some standards are totally free to read, others must be bought (for a hefty amount!); it is in particular the case for ISO standards. However, the algorithms are often publicly available via other channels. For instance, while the ISO standard specifying the AES is behind a paywall, the NIST one is not.

This list is a work in progress: if there are algorithms missing, do let me know!

1 International


For some reason, hash functions are always called "hash-function" in ISO/IEC standards.

1.1.1 18033: Encryption Algorithms

Part 1 (18033-1) General
This standard introduces all the notations and concepts needed by the other standards in this category.
Part 2 (18033-2) Asymmetric Ciphers
This one deals with "asymmetric encryption", i.e. it is not relevant here.
Part 3 (18033-3) Block Ciphers
Several algorithms are contained in this part. Some are in the body of the text while some are in the appendix.
64-bit Block Ciphers
  • TDEA (triple DES)
  • MISTY1
  • CAST-128
128-bit Block Ciphers
  • AES
  • Camellia
  • SEED
  • SM4 and Kuznyechik were in the process of being included via an amendment but it was cancelled because of the mystery surrounding the S-box of Kuznyechik (see Section "Results on the Russian Algorithms" in this page).
Part 4 (18033-4) Stream Ciphers
  • MUGI
  • SNOW 2.0
  • Rabbit
  • Decim v2
  • KCipher-2 (K2)
Part 5 (18033-5) Identity-based Ciphers
This part deals with identity-based encryption schemes, i.e. it is not relevant here.
Part 6 (18033-6) Homomorphic Encryption
This part deals with homomorphic encryption schemes, i.e. it is not relevant here.

1.1.2 10118: Hash functions

Part 1 (10118-1) General
This standard introduces all the notations and concepts needed by the other standards in this category.
Part 2 (10118-2) Hash-functions using an n-bit block cipher
This standard specifies modes of operation for building a hash function out of block cipher operating on n bits. Four such techniques are provided; they are aptly called "Hash-function 1", …, and "Hash-function 4".
Part 3 (10118-3) Dedicated hash-functions
  • RIPEMD-160
  • RIPEMD-128
  • SHA-1
  • SHA-256
  • SHA-512
  • SHA-384
  • Streebog
  • SM3
Part 4 (10118-4) Hash-functions using modular arithmetic
This standard deals with hash function built using functions traditionnally used in asymmetric cryptography. It contains MASH-1 and MASH-2.

1.1.3 29192: Lightweight Cryptography

Part 1 (29192-1) General
This standard introduces all the notations and concepts needed by the other standards in this category. It also contains the definition of lightweightness according to ISO.
Part 2 (29192-2) Block Ciphers
The NSA ciphers SIMON and SPECK were considered for inclusion in this standard but were eventually kicked out.
Part 3 (29192-3) Stream Ciphers
  • Enocoro
  • Trivium
Part 4 (29192-4) Mechanisms using Asymmetric Techniques
Not relevant here.
Part 5 (29192-5) Hash-Functions
  • Lesamnta-LW
Part 6 (29192-6) Message Authentication Codes (MACs) under development
  • LightMAC (mode of operation)
  • Chaskey
Part 7 (29192-7) Broadcast Authentication Protocols under development
Not relevant here.

1.2 IETF's "Request for Comments"

1.2.1 Hash Functions

  • RFC 3174: SHA-1; link
  • RFC 3874: SHA-224; link
  • RFC 4634: SHA-224/256/384/512; link
  • RFC 6986: Streebog; link
  • RFC 7693: Blake2; link

1.2.2 Block Ciphers

  • RFC 2040: RC5; link
  • RFC 2144: CAST; link
  • RFC 2944: MISTY1; link
  • RFC 3713: Camellia; link
  • RFC 4009: SEED; link
  • RFC 5794: ARIA; link
  • RFC 7801: Kuznyechik; link

2 National

2.1 Belarus

  • Bel-T (block cipher)
  • Bash (hash function)

2.2 China

The Chinese "State Cryptography Administration" has standardized some symetric algorithms.

  • GB/T 32905-2016: SM3 (hash function)
  • GB/T 32907-2016: SM4 (block cipher)

2.3 Russia

Russian standards are handled by the Euro-Asian Council for Standardization, Metrology and Certification (EASC). Each of them is a "state union standard", which in Russian is abbreviated into "GOST".

  • GOST R 34.11-2012: Streebog (hash function)
  • GOST R 34.12-2015: Kuznyechik, Magma (block ciphers)

2.4 South Korea

Several local algorithms are standardized by the national standardizing bodies.

  • KS X 1213:2004: ARIA (block cipher)
  • KS X 3246: LEA (block cipher)
  • KS X 3262: LSH (hash function)
  • TTAS.KO-12.0004: SEED (block cipher)
  • TTAS.KO-12.0040: HIGHT (block cipher)

2.5 Ukraine

  • Kalyna (block cipher)
  • Kupyna (hash function)

2.6 USA

American standards are handled by the National Institute of Standards and Technology (NIST). Each document is a "Federal Information Processing Standard" (FIPS).

  • FIPS 180: SHA-1, SHA-2, SHA-3 (the latest version is FIPS 180-4)
  • FIPS 185: Skipjack
  • FIPS 197: AES

The situation of the Skipjack block cipher is a bit complicated. It is explicitely mentionned in several NIST documents (e.g. SP 800-17, FIPS 185), it is one of the algorithms that NIST can validate (though only for legacy use), but its specification was never in a FIPS, only an informal note.

3 Recommendations

Several countries do not have standards or norms for cryptographic algorithms, and choose instead to publish lists of "recommended" algorithms. These are listed in this section.

3.1 Canada

The Canadian Centre for Cyber Security issues some recommendations for full TLS ciphersuites. Those rely on the following symmetric primitives:

  • AES;
  • SHA-256, SHA-384, SHA-512;
  • all SHA-3 variants with a digest size of at least 256 bits.

CAST and 3DES are explicitely supposed to be phased out, along with hash functions with digests shorter than 256 bits.

3.2 Japan

Strictly speaking, Japan does not have standardized cryptographic algorithms. However, CRYPTREC maintains a list of "recommended algorithms" which contains the following symmetric algorithms.

  • AES (block cipher)
  • Camellia (block cipher)
  • KCipher-2 (stream cipher)
  • SHA-256, SHA-384, SHA-512

3.3 Malaysia

The MySEAL project lists some cryptographic primitives that are deemed safe along with the reasoning behind the (non-)inclusion of various algorithms. Recommended algorithms are:

  • SHA-384, SHA-512;
  • all variants of SHA-3.

Last Update (by me): 02/12/2020