LLMpedia: The first transparent, open encyclopedia generated by LLMs

ANSI X9.23

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
ANSI X9.23
Name: ANSI X9.23
Status: Withdrawn / Superseded (varies by implementation)
Domain: Financial services, Cryptography, Data security
Originating body: American National Standards Institute
Published: 1988 (original), revisions thereafter
Related standards: ISO/IEC 10116, FIPS 46-3, ANSI X9.17, ANSI X9.31, NIST publications


ANSI X9.23 is a United States financial industry standard that defined methods for symmetric-key block cipher padding and certain message authentication operations for use in banking and payment systems. The standard was produced under the auspices of the American National Standards Institute and developed through committees including industry participants from major banks and payment networks. It served as an interoperable specification for message formatting, cryptographic padding, and some integrity-related functions widely referenced by financial institutions, central banks, card schemes, and standards bodies.

Overview

ANSI X9.23 was created to address interoperable cryptographic processing among institutions such as the Federal Reserve System, SWIFT, Visa Inc., Mastercard Incorporated, American Express, and regional clearinghouses including Bank of England clearing operations. Committees that contributed included representatives from The Clearing House Payments Company, the Automated Clearing House (ACH), and major commercial banks like JP Morgan Chase, Citigroup Inc., Wells Fargo, and Bank of America. Its provisions were coordinated with international standards organizations, including International Organization for Standardization and International Electrotechnical Commission working groups, and influenced related documents from the National Institute of Standards and Technology and finance regulators such as the Office of the Comptroller of the Currency.

Technical Specifications

ANSI X9.23 specified padding techniques for block ciphers (notably for modes built on the Data Encryption Standard and later Advanced Encryption Standard primitives) and included conventions for the padding value of the last block and for optional random bytes. It described a scheme in which the final byte indicates the number of padding bytes appended; the preceding padding bytes may be zero or random depending on the implementation. The specification detailed the byte-level layout for use with cipher modes such as Electronic Codebook and Cipher Block Chaining, and with derivations used by payment systems. It also referenced key-management constructs aligned with standards produced by groups such as ISO/IEC JTC 1/SC 27 and with cryptographic practices advocated by National Security Agency guidance and FIPS publications.
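The padding layout described above, written out as an added example (not code from the standard or from this article). The function names, the 8-byte default block size and the sample messages are assumptions, as is the rule that already-aligned input receives a whole block of padding.

```python
import os

def x923_pad(data: bytes, block_size: int = 8, random_fill: bool = False) -> bytes:
    """Pad to a multiple of block_size; the final byte is the pad length."""
    if not 1 <= block_size <= 255:
        raise ValueError("pad length must fit in one byte")
    # Assumption: aligned input still gets a whole block of padding, so the
    # receiver can always treat the last byte as a length.
    n = block_size - len(data) % block_size
    fill = os.urandom(n - 1) if random_fill else bytes(n - 1)
    return data + fill + bytes([n])

def x923_unpad(padded: bytes, block_size: int = 8, zero_fill: bool = True) -> bytes:
    """Strip padding; every malformed case raises the same error."""
    n = padded[-1] if padded else 0
    ok = bool(padded) and len(padded) % block_size == 0 and 1 <= n <= block_size
    # Filler bytes can only be checked when the sender used zeros.
    if ok and zero_fill and any(padded[-n:-1]):
        ok = False
    if not ok:
        raise ValueError("invalid padding")
    return padded[:-n]

def demo() -> dict:
    # Constructed sample messages, 8-byte (DES-sized) blocks.
    short = x923_pad(b"ACCT")          # 4 data bytes -> 3 zeros + 0x04
    aligned = x923_pad(b"PAY 1000")    # 8 data bytes -> 7 zeros + 0x08
    rnd = x923_pad(b"ACCT", random_fill=True)
    # Changing only the length byte still unpads cleanly: padding validation
    # is not an integrity check.
    altered = short[:-1] + b"\x02"
    return {
        "short": short, "aligned": aligned,
        "rnd_roundtrip": x923_unpad(rnd, zero_fill=False),
        "altered": x923_unpad(altered),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex())
```

With random filler a receiver can validate only the length byte, so interoperating parties need to agree on which filler convention is in use.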

Technical annexes outlined interoperability points with other standards, including those maintained by ISO, IEC, and regional standards bodies. ANSI X9.23 did not itself mandate a particular block cipher but assumed use with algorithms approved by authorities like NIST, with considerations influenced by algorithm lifecycles discussed in venues such as the IETF and academic conferences like Crypto and Eurocrypt.

Applications and Usage

Implementations for financial messaging, card personalization, file encryption for clearing, and archive protection at institutions such as the Federal Reserve Bank of New York, the European Central Bank, the Bank of Japan, and the People’s Bank of China leveraged the padding convention to enable consistent decryption and message recovery. Card networks including Visa Inc. and Mastercard Incorporated referenced the padding and MAC-compatible layouts in tokenization and card issuance processes. Payment processors and service providers such as Fiserv, Inc., Global Payments Inc., and First Data Corporation used the standard in legacy cryptographic modules and in hardware security modules from vendors like Thales Group, Gemalto, and Entrust.

ANSI X9.23 also appeared in proprietary implementations in ATMs, in point-of-sale systems by manufacturers such as Diebold Nixdorf, and in clearing software used by exchanges like the New York Stock Exchange and Nasdaq. Interoperability case studies often involved coordination between national payment infrastructures and international networks such as SWIFT and the card schemes.

Security Considerations

Security analysis of padding schemes referenced in ANSI X9.23 has been discussed in academic and industry literature, including work presented at conferences like the USENIX Security Symposium and ACM CCS. Padding oracle attack research, with notable examples from scholars associated with the University of California, Berkeley, École Polytechnique Fédérale de Lausanne, and Technische Universität Darmstadt, showed how improper handling of padding errors can leak information. Guidance from NIST and operational advisories from central banks emphasized robust error handling, authenticated encryption modes (e.g., Galois/Counter Mode), and migration to algorithms and modes that provide built-in integrity, such as Authenticated Encryption with Associated Data.
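One way to apply the error-handling guidance above, as an added example that is not taken from the standard or from any cited guidance: the receiver verifies an integrity tag before it decrypts or inspects padding, and reports every failure identically. It assumes an encrypt-then-MAC envelope with HMAC-SHA-256 rather than Galois/Counter Mode; `seal`, `open_sealed`, `DecryptionError`, the key, the IV and the identity stand-in for the block cipher are all hypothetical.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA-256 output size

class DecryptionError(Exception):
    """The only failure callers see, whatever went wrong."""

def seal(mac_key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Append a tag computed over IV and ciphertext (encrypt-then-MAC)."""
    return iv + ciphertext + hmac.new(mac_key, iv + ciphertext, hashlib.sha256).digest()

def open_sealed(mac_key: bytes, blob: bytes, decrypt, block_size: int = 16) -> bytes:
    """Verify the tag first; decrypt and unpad only authentic ciphertext."""
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if len(body) < 2 * block_size or not hmac.compare_digest(tag, expected):
        raise DecryptionError("decryption failed")
    plaintext = decrypt(body[:block_size], body[block_size:])
    n = plaintext[-1] if plaintext else 0
    if len(plaintext) % block_size or not 1 <= n <= block_size or any(plaintext[-n:-1]):
        # Same exception and message as a tag failure: no padding oracle.
        raise DecryptionError("decryption failed")
    return plaintext[:-n]

def demo() -> dict:
    key, iv = b"k" * 32, bytes(16)       # constructed key and IV
    calls = []
    def stand_in_decrypt(iv, ct):        # NOT a cipher: identity stand-in
        calls.append(ct)
        return ct
    good = seal(key, iv, b"ACCT 12345" + bytes(5) + b"\x06")
    result = open_sealed(key, good, stand_in_decrypt)
    # Flip one bit in the last ciphertext byte (constructed tampering).
    tampered = good[:31] + bytes([good[31] ^ 1]) + good[32:]
    try:
        open_sealed(key, tampered, stand_in_decrypt)
        rejected = False
    except DecryptionError:
        rejected = True
    return {"plaintext": result, "rejected": rejected, "decrypt_calls": len(calls)}

if __name__ == "__main__":
    print(demo())
```

The decrypt callable runs once in the demo: the modified message is rejected at the tag check, so its padding is never examined.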

Operational controls recommended by regulators, including the Office of the Comptroller of the Currency and the Financial Conduct Authority, include secure key management, use of validated cryptographic modules certified under programs like FIPS 140-2 and successor schemes, and periodic review aligned with publications from ISO/IEC committees.

History and Standards Development

ANSI X9.23 originated within the ANSI Accredited Standards Committee X9, which includes members from institutions such as the American Bankers Association, clearing banks, and technology vendors. Development paralleled other X9 series standards like ANSI X9.17 (key management) and ANSI X9.31 (random number generation and digital signatures), and evolved as cryptographic practice shifted from the Data Encryption Standard to the Advanced Encryption Standard. Revisions were influenced by international harmonization efforts with ISO and by technical advice from NIST and practitioners from major financial firms. Over time, many users migrated to standards favoring authenticated encryption and newer key-management frameworks promoted by bodies such as SWIFT, the European Payments Council, and national supervisory authorities.
