NIST and FFX mode AES – Format-Preserving Encryption
I'm often asked about NIST standards and FFX AES – Format-Preserving Encryption.
These days, given the process of FPE standardization is well underway, we recommend people contact the good folks at NIST via the AES Modes contact page for further information.
However, astute readers may already know that NIST is on the record about the FFX standardization process here at the bottom of the following page.
"NIST is currently developing an addition to the 800-38 series of Special Publications, which will specify schemes for format preserving encryption based on the FFX framework"
It doesn't get clearer than that.
NIST savvy readers will know the 800-38 series of documents specify AES modes – like XTS mode, additional CBC modes, etc. All good crypto bed-time reading. You can find examples here:
This means the FPE AES FFX framework is in in the standards track. That's because of the proofs of security, the published method, and the peer reviews by cryptography experts – essential and critical requirements that cannot be ignored under any circumstances.
This also means the other proposed modes aren't going through the process and may never. Readers can figure out why, but this is usually because there's insufficient evidence of security, a known flaw, or something’s just not right – perhaps lacking proof for NIST to consider beyond their obligation to post it on the NIST site.
So don't just trust the vendor claims about security and FPE and related methods like Tokenization. Make sure somebody else you trust recognizes it like NIST, or at the very least ensure it has published proven methods that are peer reviewed by experts and the cryptographic backing and solid foundation to underpin it. If you don't have that, don't trust it.