RFC 3686 (rfc3686) - Page 2 of 19
Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP)
Alternative Format: Original Text Document
RFC 3686 Using AES Counter Mode With IPsec ESP January 2004
10. Intellectual Property Statement. . . . . . . . . . . . . . . . 16
11. Acknowledgments. . . . . . . . . . . . . . . . . . . . . . . . 16
12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 17
12.1. Normative References . . . . . . . . . . . . . . . . . . 17
12.2. Informative References . . . . . . . . . . . . . . . . . 17
13. Author's Address . . . . . . . . . . . . . . . . . . . . . . . 18
14. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 19
1. Introduction
The National Institute of Standards and Technology (NIST) recently
selected the Advanced Encryption Standard (AES) [AES], also known as
Rijndael. The AES is a block cipher, and it can be used in many
different modes. This document describes the use of AES Counter Mode
(AES-CTR), with an explicit initialization vector (IV), as an IPsec
Encapsulating Security Payload (ESP) [ESP] confidentiality mechanism.
This document does not provide an overview of IPsec. However,
information about how the various components of IPsec and the way in
which they collectively provide security services is available in
[ARCH] and [ROADMAP].
1.1. Conventions Used In This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [STDWORDS].
2. AES Block Cipher
This section contains a brief description of the relevant
characteristics of the AES block cipher. Implementation requirements
are also discussed.
2.1. Counter Mode
NIST has defined five modes of operation for AES and other FIPS-
approved block ciphers [MODES]. Each of these modes has different
characteristics. The five modes are: ECB (Electronic Code Book), CBC
(Cipher Block Chaining), CFB (Cipher FeedBack), OFB (Output
FeedBack), and CTR (Counter).
Only AES Counter mode (AES-CTR) is discussed in this specification.
AES-CTR requires the encryptor to generate a unique per-packet value,
and communicate this value to the decryptor. This specification
calls this per-packet value an initialization vector (IV). The same
IV and key combination MUST NOT be used more than once. The
Housley Standards Track