U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Explanation of Changes to Draft SP 800-38G
June 27, 2014

Draft Special Publication 800-38G, Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption, released for public comment in July 2013, included three methods for format-preserving encryption (FPE). Called FF1, FF2, and FF3, these methods are modes for using the Advanced Encryption Standard (AES). All of the FPE modes were submitted to NIST by the private sector. 
 
As part of the public review of Draft SP 800-38G and as part of its routine consultation with other agencies, NIST was advised by the National Security Agency that the FF2 mode in the draft did not provide the expected 128 bits of security strength for some use cases. NIST cryptographers confirmed this assessment in an analysis that is posted on the modes public comments page
 
The FF2 mode was submitted by VeriFone Systems, Inc., for NIST¹s consideration in 2011 and was originally designed for use by the payment card industry. 
 
Implementations of FF2 within the payment card industry are not vulnerable to this analysis in practice. Nevertheless, in order for FF2 to meet NIST¹s security requirements for other potential applications, VeriFone Systems, Inc., has indicated that it will submit a revised proposal for NIST to review. NIST intends to finalize SP 800-38G with FF1 and FF3 as it considers VeriFone's revised proposal of FF2.

 

Parent Project

See: Block Cipher Techniques
Created December 21, 2016, Updated June 22, 2020