NIST announces proposal to approve two FFX schemes

NIST just announced a proposal to approve two modes of format-preserving encryption for use in FIPS 140-2. Here's the announcement from NIST's web site:

Announcement of Proposal to Approve Two FFX schemes

June 9, 2011

NIST is pleased to announce a proposal to specify and approve two block cipher modes of operation for format preserving encryption (FPE). FPE is emerging as a useful cryptographic tool, whereby certain kinds of data, such as social security numbers or credit card numbers, may be selectively encrypted without changing their format. Consequently, FPE can be seamlessly retrofitted to existing applications to support the encryption of sensitive data.

Both of the modes that NIST proposes to approve are schemes that are compliant with the FFX framework that was submitted to NIST by Mihir Bellare of the University of California, San Diego, Philip Rogaway of the University of California, Davis, and Terence Spies of Voltage Security, Inc. The submission documentation for FFX is available at the modes development page, under the heading "Encryption Modes." The FFX framework is described in detail in the body of the specification [SP]. One FFX compliant scheme that NIST proposes to approve, called FF[radix] is specified in the addendum to the specification [SP2]. The second scheme that NIST proposes to approve, called VAES, is described in the additional documentation [AD] submitted by Joachim Vance of VeriFone Systems, Inc.

Also included in the documentation are Letters of Assurance from Voltage Security, Inc. and VeriFone Systems, Inc. [IP1 and IP2] in connection with intellectual property that those companies identified as possibly relevant to the implementation of FFX[radix] or VAES.

NIST proposes to recommend FFX[radix] as the preferred FPE scheme for interoperability. NIST will also consider approving other FFX schemes, in addition to VAES, on a case-by-case basis.

NIST requests comments on the proposal by July 8, 2011; comments may be submitted to

If NIST moves forward with the proposal, an additional period of public comment will be initiated on a draft special publication that specifies the modes.

FPE has proven to be very useful for encrypting data in complex legacy environments. In these situations, there's often at least one component of an installed system that can't easily handle encrypted data if its format if different than the plaintext. National governments are good examples of places where such complex legacy environments appear, so it's not too surprising that NIST is interested in approving FPE for government use.

Leave a Reply

Your email address will not be published. Required fields are marked *