# Pre-Release Notes - March 2025
source: https://developer.mastercard.com/mdes-digital-enablement/documentation/release-notes/pre-release-notes-march-2025/index.md
The MDES platform March 2025 release will introduce Advanced Encryption Standard (AES) Galois/Counter mode (GCM) Cipher Mode for enhanced security. It is in addition to the existing Cipher Block Chaining (CBC) mode as part of the wrapped encrypt/decrypt supported for MDES APIs.
## Summary of Changes {#summary-of-changes}
MDES will now support the AES GCM cipher block in addition to CBC mode for enhanced security.
## Release Dates {#release-dates}
* MTF - 26 February 2025
* Production - ~~26 March 2025~~ 30 April 2025
## Release Details {#release-details}
### Change 1 - Enhanced the EncryptedPayload object {#change-1---enhanced-the-encryptedpayload-object}
The algorithmCipherMode, Tag, and Aad fields are added to the EncryptedPayload object to support the AES GCM cipher mode in the /notifyTokenUpdated (request), /tokenize (requests and responses), and /searchTokens (request) APIs.
| Field and Description | Data Type | Min Length | Max Length | Required |
|-----------------------------------------------------------------------------------------------------------------------------------------|-----------|------------|------------|--------------------------------------------------------------------------------------|
| **algorithmCipherMode** Must be one of the following value: CBC - When CBC cipher mode to be used GCM - When GCM cipher mode to be used | String | 3 | 3 | Conditional -- Required when algorithmCipherMode used is GCM. |
| **tag** Tag to verify during data decryption. | String | 1 | 36 | Conditional -- Required when algorithmCipherMode used is GCM, not present otherwise. |
| **aad** Additional authentication data used in GCM mode. | String | 1 | 36 | Conditional -- optional when algorithmCipherMode used is GCM, not present otherwise. |
API Reference: `GET /digitization/static/1/0/notifyTokenUpdated`
API Reference: `GET /digitization/static/1/0/tokenize`
API Reference: `GET /digitization/static/1/0/searchTokens`
### Change 2 - Additional parameter added to indicate the use of AES GCM cipher mode in the response {#change-2---additional-parameter-added-to-indicate-the-use-of-aes-gcm-cipher-mode-in-the-response}
The algorithmCipherModeToUseInEncryptedResponse parameter is added in the /transact and /getToken APIs to indicate the use of AES GCM cipher mode in the response.
| Field and Description | Data Type | Min Length | Max Length | Required |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------|------------|------------|---------------------------------------------------------------|
| **algorithmCipherModeToUseInEncryptedResponse** The AES mode is used for the encrypted response. If not present CBC will be used. Must be one of the following value: GCM - When GCM cipher mode to be used CBC - When CBC cipher mode to be used | String | 3 | 3 | Conditional -- Required when algorithmCipherMode used is GCM. |
API Reference: `GET /remotetransaction/static/1/0/transact`
API Reference: `GET /digitization/static/1/0/getToken`
## Impact {#impact}
### Existing Customers {#existing-customers}
By default, the CBC cipher mode will be used in the responses from Mastercard. If any existing customers wish to upgrade the implementation to support the GCM cipher mode, they will need to request for a CIS project.
### New Customers {#new-customers}
New customers can choose to support the GCM or CBC encryption mode to encrypt the payload. These customers will need to follow the configuration details before using this functionality.