Cryptology ePrint Archive: Report 2015/306

Analysis of VAES3 (FF2)

Morris Dworkin and Ray Perlner

Abstract: The National Institute of Standards and Technology (NIST) specified three methods for format-preserving encryption (FPE) in Draft NIST Special Publication (SP) 800-38G, which was released for public comment in July, 2013. Each method was a mode of operation of the Advanced Encryption Standard (AES). One of the three modes, VAES3, was specified under the name FF2 in the NIST draft. This note describes a theoretical chosen-plaintext attack that shows the security strength of FF2 is less than 128 bits.

Category / Keywords: secret-key cryptography / AES, format-preserving encryption

Date: received 2 Apr 2015, last revised 2 Apr 2015

Contact author: dworkin at nist gov

Available format(s): PDF | BibTeX Citation

Version: 20150406:230348 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]