NIST Requests Public Comments on SP 800-38B and SP 800-38C | CMAC and CCM Block Cipher Modes of Operation

NIST maintains its cryptography standards and guidelines using a periodic review process.  

Currently, we are reviewing the following publications:

• NIST Special Publication (SP) 800-38B, Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication, 2016
• NIST SP 800-38C, Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality, 2007

NIST requests feedback on all aspects of these publications. Additionally, NIST would appreciate feedback on the guidance for CMAC and CCM authentication tag lengths.  Currently, both publications recommend a minimum tag length of 64 bits.

• Should these publications require that the authentication tags for CMAC and CCM meet a minimum threshold, such as 64 bits or more?
• If not, what conditions/requirements on implementations should be specified for the use of shorter authentication tags for CMAC and CCM?

The public comment period is open through September 13, 2024. Comments may address the concerns raised in this announcement or other issues around security, implementation, clarity, risk, or relevance to current applications.

Send comments to cryptopubreviewboard@nist.gov with “Comments on SP 800-38B" or “Comments on SP 800-38C” in the subject. 

Comments received in response to this request will be posted on the Crypto Publication Review Project site after the due date. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed. See the project site for additional information about the review process.

NIST Cybersecurity and Privacy Program
Questions/Comments about this notice: cryptopubreviewboard@nist.gov
CSRC Website questions: csrc-inquiry@nist.gov