FIPS 197

FIPS 197

FIPS 197 is a United States Federal Information Processing Standard that specifies a cryptographic algorithm for securing electronic data. Adopted by the National Institute of Standards and Technology, it defines a symmetric block cipher widely used across technical standards, commercial products, academic research, and international protocols. The standard intersects with work by collaborators and institutions influential in cryptography and information assurance.

Background

FIPS 197 emerged from efforts involving the National Institute of Standards and Technology, the Department of Commerce (United States), and contributors from research groups associated with institutions like the Massachusetts Institute of Technology, the University of California, Berkeley, and the University of Oxford. Influential cryptographers and teams from organizations such as IBM, Microsoft, and the Internet Engineering Task Force participated in evaluations and implementations that informed the standard. Development drew on antecedents in block cipher research represented by publications from venues like the International Association for Cryptologic Research, the Crypto (conference), and the IEEE Symposium on Security and Privacy. Standardization work related to other documents such as standards from the International Organization for Standardization and the International Electrotechnical Commission influenced adoption strategies. National programs and initiatives, including projects from the National Security Agency and policy discussions involving the White House and the United States Congress, shaped deployment priorities across federal agencies like the Department of Defense and civilian agencies including the Internal Revenue Service and the Social Security Administration.

Specification

The specification defines a block cipher with precise parameters that were characterized and formalized by standards bodies and academic publications. It details algorithmic components illustrated in textbooks and monographs from publishers associated with Springer Science+Business Media, the Association for Computing Machinery, and the Royal Society. Algorithmic design considerations reference mathematical foundations discussed in works by scholars affiliated with the Institute for Advanced Study, the Courant Institute of Mathematical Sciences, and the École Normale Supérieure. The document enumerates block size, key schedules, and transformation functions, aligning with theoretical analyses found in papers presented at the European Symposium on Research in Computer Security and the ACM Conference on Computer and Communications Security. Cryptanalytic evaluation and entropy considerations were debated in forums including the RSA Conference, the Black Hat Briefings, and academic symposia at institutions such as Princeton University and Stanford University.

Implementation and Use

Implementations appear across software libraries, hardware modules, and networked systems developed by vendors and research labs. Notable implementers include teams from Intel, ARM Limited, Apple Inc., Google LLC, and telecommunications firms like Cisco Systems and Ericsson. The algorithm is embedded in protocols standardized by the Internet Engineering Task Force, adopted in documents from the World Wide Web Consortium, and referenced in specifications for secure communications in products from Oracle Corporation and IBM. Hardware-accelerated implementations are found in processors used by companies such as Advanced Micro Devices and in security products from vendors like Thales Group and Hewlett Packard Enterprise. Use cases extend to secure storage systems developed by research groups at Carnegie Mellon University, secure messaging projects from teams at Telegram Messenger LLP and WhatsApp Inc., and virtualization and cloud infrastructures operated by Amazon Web Services, Microsoft Azure, and Google Cloud Platform.

Security Analysis and Updates

Security analyses have been conducted by academic researchers affiliated with institutions such as Massachusetts Institute of Technology, University of Cambridge, and ETH Zurich, and by industrial cryptanalysis teams at firms like NIST partner organizations and independent research groups presenting at venues including USENIX, Black Hat, and the Chaos Communication Congress. Results of cryptanalytic challenges and peer-reviewed papers influenced guidance from regulatory bodies including the National Institute of Standards and Technology and interoperability profiles produced by consortia such as the Open Web Application Security Project and the Internet Security Research Group. Ongoing assessment considers advances in algorithmic cryptanalysis and developments in computational platforms from Google DeepMind, quantum computing research at IBM Research and Google AI Quantum, and policy discussions in legislative bodies like the United States Senate and advisory committees associated with the President's Council of Advisors on Science and Technology.

Compliance and Validation

Compliance frameworks and validation programs have been established by federal and international organizations, with testing and certification performed by laboratories accredited through schemes involving the National Voluntary Laboratory Accreditation Program, the Federal Communications Commission, and international test bodies connected to the European Telecommunications Standards Institute. Validation tools and conformance suites are developed and maintained by vendors, open-source communities such as those around projects at GitHub and Apache Software Foundation, and academic testbeds at institutions like Rensselaer Polytechnic Institute. Certification processes influence procurement policies in agencies including the Department of Homeland Security, Federal Bureau of Investigation, and private-sector partners like Goldman Sachs and JPMorgan Chase that integrate validated modules into financial transaction platforms.

Category:Cryptographic standards