Editing Block cipher mode of operation (section)

==History and standardization==
The earliest modes of operation, ECB, CBC, OFB, and CFB (see below for all), date back to 1981 and were specified in [http://csrc.nist.gov/publications/fips/fips81/fips81.htm FIPS 81], ''DES Modes of Operation''. In 2001, the US [[National Institute of Standards and Technology]] (NIST) revised its list of approved modes of operation by including [[Advanced Encryption Standard|AES]] as a block cipher and adding CTR mode in [http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf SP800-38A], ''Recommendation for Block Cipher Modes of Operation''. Finally, in January, 2010, NIST added [[Disk encryption theory#XEX-based tweaked-codebook mode with ciphertext stealing (XTS)|XTS-AES]] in [http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38e.pdf SP800-38E], ''Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices''. Other confidentiality modes exist which have not been approved by NIST. For example, CTS is [[ciphertext stealing]] mode and available in many popular cryptographic libraries.

The block cipher modes ECB, CBC, OFB, CFB, CTR, and [[XTS mode|XTS]] provide confidentiality, but they do not protect against accidental modification or malicious tampering. Modification or tampering can be detected with a separate [[message authentication code]] such as [[CBC-MAC]], or a [[digital signature]]. The cryptographic community recognized the need for dedicated integrity assurances and NIST responded with HMAC, CMAC, and GMAC. [[HMAC]] was approved in 2002 as [http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf FIPS 198], ''The Keyed-Hash Message Authentication Code (HMAC)'', [[CMAC]] was released in 2005 under [http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38b.pdf SP800-38B], ''Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication'', and [[Galois/Counter Mode|GMAC]] was formalized in 2007 under [http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf SP800-38D], ''Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC''.

The cryptographic community observed that compositing (combining)  a confidentiality mode with an authenticity mode could be difficult and error prone.  They therefore began to supply modes which combined confidentiality and data integrity into a single cryptographic primitive (an encryption algorithm). These combined modes are referred to as [[authenticated encryption]], AE or "authenc". Examples of AE modes are [[CCM mode|CCM]] ([http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf SP800-38C]), [[Galois/Counter Mode|GCM]] ([http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf SP800-38D]), [[CWC mode|CWC]], [[EAX mode|EAX]], [[IAPM (mode)|IAPM]], and [[OCB mode|OCB]].

Modes of operation are defined by a number of national and internationally recognized standards bodies. Notable standards organizations include [[National Institute of Standards and Technology|NIST]], [[International Organization for Standardization|ISO]] (with ISO/IEC 10116<ref name="ISO-10116"/>), the [[International Electrotechnical Commission|IEC]], the [[Institute of Electrical and Electronics Engineers|IEEE]], [[American National Standards Institute|ANSI]], and the [[Internet Engineering Task Force|IETF]].