ISO IEC 10116-2017 PDF

Full title and description

Information technology — Security techniques — Modes of operation for an n‑bit block cipher (ISO/IEC 10116:2017). Defines standard modes of operation for block ciphers to provide confidentiality for data in storage and transmission; includes normative object identifiers and informative guidance on properties and selection of modes. Amended by ISO/IEC 10116:2017/Amd 1:2021 which adds the CTR‑ACPKM mode.

Abstract

ISO/IEC 10116:2017 specifies five primary modes of operation for an n‑bit block cipher (Electronic Codebook ECB, Cipher Block Chaining CBC, Cipher Feedback CFB, Output Feedback OFB, and Counter CTR), gives recommendations for parameter choices, provides object identifiers for the modes and contains informative annexes describing properties, figures and examples. The modes in this standard address confidentiality only; integrity protection is outside its scope. Amendment 1 (published 22 February 2021) introduces the CTR‑ACPKM variant.

General information

• Status: Published (current; amended).
• Publication date: 11 July 2017 (ISO/IEC 10116:2017). Amendment 1 published 22 February 2021.
• Publisher: ISO and IEC (joint publication) — ISO/IEC JTC 1/SC 27 responsible committee.
• ICS / categories: 35.030 (IT security).
• Edition / version: Edition 4.0 (main edition 2017); amended edition with Amd 1 (2021).
• Number of pages: 39 (main document); Amendment 1 is 13 pages.

Scope

This standard defines modes of operation for an n‑bit block cipher intended to provide confidentiality of data during transmission or storage. It gives the definition and processing rules for each mode, recommendations for parameter selection (for example initialisation vector and counter handling), and identifies object identifiers for use in protocols and data structures. It explicitly excludes mechanisms for data integrity and authentication (see related standards for those services). The 2017 edition is the main publication; an amendment published on 22 February 2021 adds the CTR‑ACPKM mode.

Key topics and requirements

• Definitions and processing rules for the five classical modes: ECB, CBC, CFB, OFB and CTR.
• Security-relevant recommendations for parameter choices (IV/nonce generation, counter construction, block-size considerations and padding notes where applicable).
• Statement that the modes provide confidentiality only and do not guarantee integrity or authenticated encryption.
• Annex A: normative object identifiers assigned to the modes for unambiguous identification in protocols and data formats.
• Annex B: informative commentary on properties, advantages, limitations and security guidance for each mode.
• Annex C/D: figures and worked examples illustrating mode operation and message processing.
• Amendment 1 (2021): addition of the CTR‑ACPKM mode (counter mode with ACPKM key management variant) and related parameter details.

Typical use and users

Used by cryptographic library implementers, protocol designers, product vendors, security architects, system integrators and auditors to select and implement appropriate block‑cipher modes for confidentiality. Also used in product specifications, interoperability testing and security reviews where standardized, interoperable mode behavior and object identifiers are required.

Related standards

Standards commonly referenced together with ISO/IEC 10116 include ISO/IEC 9797‑1 (Message Authentication Codes using a block cipher), ISO/IEC 19772 (Authenticated encryption methods), ISO/IEC 18033‑3 (Encryption algorithms — block ciphers), and ISO/IEC 10118‑1 (Hash‑functions — general). ISO/IEC JTC 1/SC 27 publications on cryptographic techniques and object identifiers are also relevant for implementations.

Keywords

modes of operation, block cipher, ECB, CBC, CFB, OFB, CTR, CTR‑ACPKM, confidentiality, IV, nonce, object identifier, ISO/IEC 10116

FAQ

Q: What is this standard?

A: ISO/IEC 10116:2017 is the international standard that defines standard modes of operation for an n‑bit block cipher to provide data confidentiality; it was published on 11 July 2017 and was amended on 22 February 2021.

Q: What does it cover?

A: It covers the formal definitions, data processing rules and parameter recommendations for modes of operation (ECB, CBC, CFB, OFB, CTR) and includes object identifiers and informative guidance. It does not cover integrity or authenticated encryption (separate standards address those).

Q: Who typically uses it?

A: Cryptographic library developers, protocol and product designers, security architects, test laboratories and standards/interop teams who need normative, interoperable definitions of block‑cipher modes and their identifiers.

Q: Is it current or superseded?

A: The 2017 publication is the current main edition; it was amended by ISO/IEC 10116:2017/Amd 1:2021 (published 22 February 2021). Implementers should use the 2017 edition together with the 2021 amendment where applicable.

Q: Is it part of a series?

A: Yes — it is part of the ISO/IEC information security techniques family maintained by JTC 1/SC 27 and is commonly used alongside related cryptographic standards such as ISO/IEC 9797‑1 (MACs), ISO/IEC 19772 (authenticated encryption), ISO/IEC 18033 series (encryption algorithms) and the ISO/IEC 10118 series (hash functions).

Q: What are the key keywords?

A: Block cipher modes, confidentiality, ECB, CBC, CFB, OFB, CTR, CTR‑ACPKM, IV/nonce, object identifier, ISO/IEC 10116.