Generated by GPT-5-mini

| ISO/IEC 18033‑3 | |
|---|---|
| Title | ISO/IEC 18033‑3 |
| Status | Published |
| Year | 2010 |
| Organization | ISO; IEC; Joint Technical Committee 1 |
| Scope | Encryption algorithms |

ISO/IEC 18033‑3 is an international standard that specifies authenticated encryption and stream cipher primitives for data confidentiality and integrity. It is part of a multipart series maintained by the International Organization for Standardization and the International Electrotechnical Commission and is cited by standards bodies, industry consortia, and national laboratories when evaluating symmetric encryption. The document organizes algorithm definitions, parameter sets, and test vectors to enable interoperable implementations across vendors, research groups, and certification labs.
ISO/IEC 18033‑3 presents a collection of symmetric cipher algorithms intended for NIST-level interoperability, addressing both block cipher-based modes and dedicated stream ciphers used in telecommunications, finance, and embedded systems. Standards bodies such as ITU-T and ETSI reference it alongside profiles from FIPS publications and guidance from IETF working groups. Certification authorities including Common Criteria labs and testing organizations like NIST (National Institute of Standards and Technology) examine implementations against its test vectors and conformance criteria. Academic groups at institutions such as MIT, ETH Zurich, University of Cambridge, and Tsinghua University have published analyses correlating its algorithms with cryptanalytic results from conferences like CRYPTO, EUROCRYPT, and ASIACRYPT.
The standard aims to provide clear, implementable specifications for symmetric encryption suitable for product developers at firms such as Siemens, Huawei, Intel, ARM Holdings, and Samsung Electronics. It targets use in secure protocols engineered by projects like OpenSSL, LibreSSL, BoringSSL, and application ecosystems including Mozilla Firefox, Google Chrome, and Microsoft Edge. Regulatory and procurement organizations (for example, offices within the European Commission, the U.S. Department of Defense, and CNIL) use the standard as part of technical requirements for secure communications and data-at-rest protections deployed by vendors such as Cisco Systems and Juniper Networks.
Technical material includes algorithm parameterization, permitted key lengths, initialization vector formats, and deterministic test vectors used by validation programs at Common Criteria laboratories and national testing centers like NIST CMVP. The document describes bit- and byte-order conventions that implementers at firms such as ARM Holdings, Intel, and Qualcomm must follow to interoperate with stacks produced by Red Hat, Canonical, and Debian. It also defines conformance tests used by certification bodies affiliated with ISO and IEC committees, and interoperable message formats referenced by protocol standards from IETF and 3GPP.
ISO/IEC 18033‑3 enumerates modes and cipher constructions originating from researchers associated with projects at UC Berkeley, University of Waterloo, and University College London; examples include stream ciphers and counter-mode constructions influenced by designs published at SASC workshops and evaluated in venues such as CHES. Implementations based on the standard have been integrated into products by Oracle Corporation, IBM, and open-source projects like OpenSSH. The standard's algorithms have been compared to block cipher modes specified in FIPS 197 and stream ciphers analyzed in proceedings of NDSS, RSA Conference, and Black Hat USA.
Security guidance references threat models discussed in publications from ENISA and analysis reports by groups at Microsoft Research, Google Research, and Facebook AI Research. Cryptanalytic attacks cataloged in the literature—papers authored by teams at University of California, Santa Barbara, Technical University of Denmark, and Saarland University—inform recommended key lengths and usage constraints. The standard cautions implementers about misuse scenarios familiar to developers of OpenVPN, IPsec, and TLS stacks and highlights known weaknesses identified in public disclosures coordinated through CERT Coordination Center and vendor advisories from Cisco Systems and Microsoft.
Commercial and open-source implementations of algorithms compatible with the standard appear in libraries such as OpenSSL, LibreSSL, BoringSSL, and vendor SDKs from Intel and ARM. Profiles for constrained devices reference guidelines from IETF ACE and LoRa Alliance deployments, and test suites used by certification laboratories at NIST and ANSSI ensure compliance in products by Schneider Electric and Philips. Interoperability initiatives led by consortia like PCI Security Standards Council and OWASP encourage developers of web servers such as Apache HTTP Server and NGINX to follow the standard's parameter choices.
Development occurred within ISO/IEC Joint Technical Committee 1 subcommittees with contributions from national bodies including ANSI, BSI, DIN, AFNOR, SCC, and JISC. Drafts were influenced by algorithm proposals and cryptanalytic discourse presented at IACR conferences and reviewed by researchers affiliated with École Polytechnique Fédérale de Lausanne, University of Illinois Urbana–Champaign, and Princeton University. The published edition reconciled inputs from industry stakeholders such as IBM, Microsoft, RSA Security, and academic reviewers, following ISO/IEC procedures similar to those used in the development of standards like ISO/IEC 19790 and ISO/IEC 27001.